# Title : MS Windows XP Animated Cursor (.ANI) Remote Overflow Exploit 2
# Published : 2007-04-01
# Author : Trirat Puttaraksa
Microsoft ANI Buffer Overflow Exploit
Author: Trirat Puttaraksa
http://sf-freedom.blogspot.com
Tested on: Windows XP SP2 fully patched + IE 6 SP2
For educational purposes only

There is much confusion about this vulnerability. Someone said that this could
not be exploited in XP SP2 - that's wrong. I provide this exploit because I
want to tell these people that they are in danger.

This exploit will call calc.exe (shellcode from metasploit win32_exec
CMD=calc.exe EXITFUNC=process).

P.S. I do not include the source code for generating the .ani file because of
its damage. However, if you reverse engineer the .ani file, you will know how
I could produce this exploit in 10 minutes.

I will describe this vulnerability and how to exploit it in my blog
after M$ releases the patch.

greets: used SkyLined's idea of exploitation. tnx to him.
http://www.exploit-db.com/sploits/04012007-ani.zip