2011-08-22

WinXP Compiled Help File (CHM) DoS (hh.exe)

Here's a PoC Windows XP 'Compiled Help File' (CHM) DoS which has been sitting on my hard disk for a while, tested working on fully patched WinXP SP3 32bit machine:

Crashing Executable: hh.exe
Version: 5.2.3790.2453

WinDbg result:
(ed8.edc): Stack overflow - code c00000fd (!!! second chance !!!)
eax=00042968 ebx=000af0b0 ecx=00042964 edx=0007ebb0 esi=000af0b0 edi=0007ebe0
eip=65e3d633 esp=0007e95c ebp=0007ebb4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
itss!_chkstk+0x33:
65e3d633 8501 test dword ptr [ecx],eax ds:0023:00042964=00000000
!exploitable result:
Exploitability Classification: UNKNOWN
Recommended Bug Title: Stack Overflow starting at itss!_chkstk+0x0000000000000033 (Hash=0x7c592e02.0x7a176714)
Download PoC Here

No comments:

Post a Comment