Articles by ‘dookie2000ca’

Foxit Reader Stack Overflow Exploit – Egghunter Edition

14th November 2010

Some time ago, when Adobe Reader 0days were dropping left, right, and centre, Foxit Reader was frequently mentioned as a safer alternative to using Adobe. While it may be true that there are not as many exploits available for Foxit, that does not mean that it is invincible.

UFO: Alien Invasion Part 2 – One More Thing…

28th June 2010

This post is a continuation of part 1 of exploiting UFO: Alien Invasion. When I was downloading this game, I noticed that they had a version for Mac OSX as well, and since public Mac exploits are few and far between, it seemed like a good idea to see if this attack could be extended to target OSX as well. Exploiting a Mac also gives us the opportunity to practice our GNU Debugger (GDB) skills.
We begin our journey by launching UFOAI on the victim and attaching to the process with GDB.


UFO: Alien Invasion Part 1 – From Packet to Pwnage

28th June 2010

In addition to accepting submissions, we at the Exploit Database also have the opportunity to verify the exploits that we post on the site. Recently, I came across an exploit advisory by Jason Geffner targeting the open-source game UFO: Alien Invasion, which I subsequently posted on the Exploit Database. UFO: Alien Invasion (UFOAI) contains an IRC client, and in version 2.2.1 and below, when a user is coerced into connecting to a malicious IRC server, remote code execution is possible because the irc_server_msg_t structure does not perform proper input sanitization, allowing its 512-byte buffer to be overrun by a malicious server response.
