WinJPEGbufferExp_MS04-028.sh提交时间:2004-09-23 提交用户:dav1d 工具分类:攻击程序 运行平台:Windows 工具大小:4464 Bytes 文件MD5 :78666a3a509861cea8ca1d0780d0d134 工具来源:packet storm # The JPEG vuln is triggered by the 0 or 1 length field with an integer flaw # The crafted JPEG header makes Windows crash a couple of different ways # 1) First, it crashes when the image is opened. # 2) Second, it crashes when hovering the mouse over the image. # # The pointer overwrite is pretty straight forward in a debugger # # Usage: # sh ms04-028.sh > clickme.jpg # # Note: This isn't a ./hack # - Plug in shellcode and get the address # - You non-kiddies out there are smart enough to fill in the blanks # - Until you do the above, it's just a stupid PoC crash >> 下载 << |
