0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
TECO SG2 FBD Client 3.51 SEH Overwrite Buffer Overflow Exploit
[#!/usr/bin/perl # # # TECO SG2 FBD Client 3.51 SEH Overwrite Buffer Overflow Vulnerability # # # Vendor: TECO Electric and Machinery Co., Ltd. # Product web page: http://www.teco-group.eu # Download: http://globalsa.teco.com.tw/support_download.aspx?KindID=9 # Affected version: 3.51 and 3.40 # # Summary: SG2 Client is a program that enables to create and edit applications. # The program is providing two edit modes, LADDER and FBD to rapidly and directly # input the required app. The Simulation Mode allows users to virtually run and test # the program before it is loaded to the controller. # # Desc: The vulnerability is caused due to a boundary error in the processing # of a Genie FBD, which can be exploited to cause a buffer overflow when a # user opens e.g. a specially crafted .GFB file. Successful exploitation could # allow execution of arbitrary code on the affected machine. # # --------------------------------------------------------------------------------- # (fb0.fd0): Access violation - code c0000005 (!!! second chance !!!) # *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\windows\SysWOW64\ntdll.dll - # *** WARNING: Unable to verify checksum for C:\Program Files (x86)\TECO\SG2 Client\FBD.EXE # *** ERROR: Module load completed but symbols could not be loaded for C:\Program Files (x86)\TECO\SG2 Client\FBD.EXE # eax=4141413f ebx=00000004 ecx=41414141 edx=41414141 esi=0018f578 edi=00a642e8 # eip=00440b57 esp=0018ef9c ebp=0000003f iopl=0 nv up ei pl nz na po nc # cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202 # FBD+0x40b57: # 00440b57 8995a0000000 mov dword ptr [ebp+0A0h],edx ss:002b:000000df=???????? # --------------------------------------------------------------------------------- # # Tested on: Microsoft Windows 7 Professional SP1 (EN) 64bit # Microsoft Windows 7 Ultimate SP1 (EN) 64bit # # # Vulnerability discovered by Gjoko 'LiquidWorm' Krstic # @zeroscience # # # Advisory ID: ZSL-2015-5276 # Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5276.php # # # 09.10.2015 # PoC: - http://zeroscience.mk/codes/sg2fbd-5276.zip # 0day.today [2025-01-06] #