by Julien Ahrens | Saturday, April 21, 2012 | Uncategorized
Just a short notice as an addendum to IA2: A new version (1.6) of the “Free WMA MP3 Converter” by eusing.com has been released, which is still vulnerable to the same issue as all versions before. The interesting part here? Well, I’ve noticed the...
by Julien Ahrens | Friday, March 9, 2012 | Uncategorized
Hello readers, I recently found a local buffer overflow vulnerability in Pitrinec Macro Toolworks v7.5.0, which is very easy to exploit. For demonstration purposes I will show you one possible way of getting your own shellcode to run using this overflow. There...
by Julien Ahrens | Tuesday, February 21, 2012 | Uncategorized
About an old, but useful application and just to prove it’s there: #!/usr/bin/python # Exploit Title: DAMN Hash Calculator v1.5.1 Local Heap Overflow PoC # Version: 1.5.1 # Date: 2012-02-21 # Author: Julien Ahrens # Homepage: https://www.rcesecurity.com #...
by Julien Ahrens | Saturday, January 21, 2012 | Uncategorized
I’ve found a local stack buffer overflow vulnerability in “Free WMA MP3 Converter” version 1.5 which could lead to a remote shell when using the proper shellcode. This exploit is slightly different compared to the others out there: It’s for the...
by Julien Ahrens | Sunday, January 8, 2012 | Uncategorized
Here’s my first real application vulnerability :-). Since this is only a small bug with no bigger impact, its severity is therefore considered as “low”. [IA1] GPSMapEdit v1.1.73.2 (.lst) Local Denial of Service Vulnerability Details =============...
by Julien Ahrens | Saturday, December 10, 2011 | Uncategorized
In my first tutorial I’ve taken a JMP ESP from some system .dll called WMVCore.dll. Since this isn’t a reliable jump, because the WMVCore.dll might differ from OS version to OS version, it would be more reliable to take one from a loaded application DLL....