CVE-2012-1889 PoC — Microsoft XML Core Services缓冲区错误漏洞

Source

https://github.com/whu-enjoy/CVE-2012-1889

Associated Vulnerability

Title:Microsoft XML Core Services缓冲区错误漏洞 (CVE-2012-1889)
Description:Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Description

这里保存着我学习CVE-2012-1889这个漏洞的利用所用到的文件

Readme

# CVE-2012-1889
这里保存着我学习CVE-2012-1889这个漏洞的利用所用到的文件
<pre>
1.txt					第一次模块信息
2.txt					第二次模块信息					
c2javascript.c				用于将C语言形式的shellcode转化成javascript形式的shellcode
cve-2012-1889.html			漏洞利用网页
cve-2012-1889-test-poc.html		测试系统是否存在cve-2012-1889漏洞的poc网页
ImmunityDebugger_1_85_setup.exe		ImmunityDebbug，用于生成rop链与查找某些指令地址(自行下载)
jre-6u37.zip				安装后，用于提供未开启ASLR保护的模块(自行下载)
log.txt					我电脑上用mona插件生成的rop链日志
mona.py					用于生成rop链的插件
shellcode_test.c 			用于测试shellcode的功能
Windbgx86_v6.12.2.633.1395371577.msi	Windbg,用于调试程序(自行下载)
</pre>

File Snapshot


 [4.0K]  /data/pocs/adbb5800fa7a8c42f64ac138e6627522818c46d3
├── [8.2K]  1.txt
├── [8.2K]  2.txt
├── [1.4K]  ctojavascript.c
├── [4.3K]  cve-2012-1889.html
├── [ 535]  cve-2012-1889-test-poc.html
├── [ 16K]  log.txt
├── [493K]  mona.py
├── [ 809]  README.md
└── [1.1K]  shellcode_test.c

0 directories, 9 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!