MS Windows XP Animated Cursor (.ANI) Remote Overflow Exploit 2

2007-04-01 00:00:00

Microsoft ANI Buffer Overflow Exploit

Author: Trirat Puttaraksa
http://sf-freedom.blogspot.com

Tested on: Windows XP SP2 fully patched + IE 6 SP2

For educational purpose only

There are many confuses about this vulnerability. Someone said that this could
not be exploited in XP SP2 - that's wrong. I provide this exploit because I
wanna to tell these people that they are in danger.
This exploit will call calc.exe (shellcode fome metasploit win32_exec
CMD=calc.exe EXITFUNC=process).

P.S. I do not include the source code for generate the .ani file because of
its damage. However, if you reverse engineer .ani file, you will know how
could I produce this exploit in 10 minutes.

I will describe this vulnerability and how to exploit it in my blog
after M$ released patch.

greets: used SkyLined's idea of exploitation. tnx to him.

http://www.milw0rm.com/sploits/04012007-ani.zip

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.