MS Windows XP Animated Cursor (.ANI) Remote Overflow Exploit 2

2007-04-01T00:00:00
ID 1337DAY-ID-8891
Type zdt
Reporter Trirat Puttaraksa
Modified 2007-04-01T00:00:00

Description

Exploit for unknown platform in category remote exploits

                                        
==============================================================
MS Windows XP Animated Cursor (.ANI) Remote Overflow Exploit 2
==============================================================

Microsoft ANI Buffer Overflow Exploit

Author: Trirat Puttaraksa
http://sf-freedom.blogspot.com

Tested on: Windows XP SP2 fully patched + IE 6 SP2

For educational purposes only

There is a lot of confusion about this vulnerability. Some people said that this
could not be exploited on XP SP2 - that's wrong. I provide this exploit because I
want to tell these people that they are in danger.
This exploit will call calc.exe (shellcode from Metasploit win32_exec
CMD=calc.exe EXITFUNC=process).

P.S. I do not include the source code for generating the .ani file because of
the damage it could do. However, if you reverse engineer the .ani file, you will
know how I could produce this exploit in 10 minutes.

I will describe this vulnerability and how to exploit it in my blog
after M$ has released a patch.

greets: used SkyLined's idea of exploitation.  tnx to him.

http://www.inj3ct0r.com/sploits/8891.zip



