PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/23496.tar.gz

CommandLine: "C:\Program Files\DIMIN\Viewer5\imgview5.exe"
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.           *
* Use .symfix to have the debugger choose a symbol path.                   *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
ModLoad: 00400000 006bb000   image00400000
ModLoad: 7c900000 7c9b0000   ntdll.dll
ModLoad: 7c800000 7c8f4000   C:\WINDOWS\system32\kernel32.dll
ModLoad: 77dd0000 77e6b000   C:\WINDOWS\system32\advapi32.dll
ModLoad: 77e70000 77f01000   C:\WINDOWS\system32\RPCRT4.dll
ModLoad: 773d0000 774d2000   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
ModLoad: 77c10000 77c68000   C:\WINDOWS\system32\msvcrt.dll
ModLoad: 77f10000 77f56000   C:\WINDOWS\system32\GDI32.dll
ModLoad: 77d40000 77dd0000   C:\WINDOWS\system32\USER32.dll
ModLoad: 77f60000 77fd6000   C:\WINDOWS\system32\SHLWAPI.dll
ModLoad: 763b0000 763f9000   C:\WINDOWS\system32\comdlg32.dll
ModLoad: 7c9c0000 7d1d4000   C:\WINDOWS\system32\SHELL32.dll
ModLoad: 774e0000 7761c000   C:\WINDOWS\system32\ole32.dll
ModLoad: 77120000 771ac000   C:\WINDOWS\system32\oleaut32.dll
ModLoad: 77c00000 77c08000   C:\WINDOWS\system32\version.dll
ModLoad: 76b40000 76b6d000   C:\WINDOWS\system32\winmm.dll
ModLoad: 73000000 73026000   C:\WINDOWS\system32\winspool.drv
(ed4.988): Break instruction exception - code 80000003 (first chance)
eax=00251eb4 ebx=7ffdb000 ecx=00000000 edx=00000001 esi=00251f48 edi=00251eb4
eip=7c901230 esp=0012fb20 ebp=0012fc94 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll -
ntdll!DbgBreakPoint:
7c901230 cc              int     3
0:000> g
ModLoad: 76390000 763ad000   C:\WINDOWS\system32\IMM32.DLL
ModLoad: 5dac0000 5dac8000   C:\WINDOWS\system32\rdpsnd.dll
ModLoad: 76360000 76370000   C:\WINDOWS\system32\WINSTA.dll
ModLoad: 5b860000 5b8b4000   C:\WINDOWS\system32\NETAPI32.dll
ModLoad: 76bf0000 76bfb000   C:\WINDOWS\system32\PSAPI.DLL
ModLoad: 5ad70000 5ada8000   C:\WINDOWS\system32\uxtheme.dll
ModLoad: 74720000 7476b000   C:\WINDOWS\system32\MSCTF.dll
ModLoad: 755c0000 755ee000   C:\WINDOWS\system32\msctfime.ime
ModLoad: 10000000 100a7000   C:\Program Files\DIMIN\Viewer5\plugin_formats\div5_dcraw.dll
ModLoad: 71ab0000 71ac7000   C:\WINDOWS\system32\WS2_32.dll
ModLoad: 71aa0000 71aa8000   C:\WINDOWS\system32\WS2HELP.dll
ModLoad: 00e90000 00ee3000   C:\Program Files\DIMIN\Viewer5\plugin_formats\div5_ffmpeg.dll
ModLoad: 68700000 68ada000   C:\Program Files\DIMIN\Viewer5\avcodec-51.dll
ModLoad: 6b780000 6b796000   C:\Program Files\DIMIN\Viewer5\avutil-49.dll
ModLoad: 6a540000 6a5cb000   C:\Program Files\DIMIN\Viewer5\avformat-52.dll
ModLoad: 67f40000 67f64000   C:\Program Files\DIMIN\Viewer5\swscale-0.dll
ModLoad: 00f10000 00f28000   C:\Program Files\DIMIN\Viewer5\plugin_formats\div5_ibw.dll
ModLoad: 00f40000 0104f000   C:\Program Files\DIMIN\Viewer5\plugin_formats\div5_xtd_formats.dll
ModLoad: 01070000 0108a000   C:\Program Files\DIMIN\Viewer5\plugin_filters\div5_morphology.dll
ModLoad: 010b0000 010da000   C:\Program Files\DIMIN\Viewer5\plugin_filters\div5_xtdFilters.dll
ModLoad: 77920000 77a13000   C:\WINDOWS\system32\SETUPAPI.dll
ModLoad: 77b40000 77b62000   C:\WINDOWS\system32\appHelp.dll
ModLoad: 76fd0000 7704f000   C:\WINDOWS\system32\CLBCATQ.DLL
ModLoad: 77050000 77115000   C:\WINDOWS\system32\COMRes.dll
ModLoad: 77a20000 77a74000   C:\WINDOWS\System32\cscui.dll
ModLoad: 76600000 7661d000   C:\WINDOWS\System32\CSCDLL.dll
ModLoad: 75f80000 7607d000   C:\WINDOWS\system32\browseui.dll
ModLoad: 76990000 769b5000   C:\WINDOWS\system32\ntshrui.dll
ModLoad: 76b20000 76b31000   C:\WINDOWS\system32\ATL.DLL
ModLoad: 769c0000 76a73000   C:\WINDOWS\system32\USERENV.dll
ModLoad: 76980000 76988000   C:\WINDOWS\system32\LINKINFO.dll
ModLoad: 77760000 778d0000   C:\WINDOWS\system32\SHDOCVW.dll
ModLoad: 77a80000 77b14000   C:\WINDOWS\system32\CRYPT32.dll
ModLoad: 77b20000 77b32000   C:\WINDOWS\system32\MSASN1.dll
ModLoad: 754d0000 75550000   C:\WINDOWS\system32\CRYPTUI.dll
ModLoad: 76c30000 76c5e000   C:\WINDOWS\system32\WINTRUST.dll
ModLoad: 76c90000 76cb8000   C:\WINDOWS\system32\IMAGEHLP.dll
ModLoad: 771b0000 7727e000   C:\WINDOWS\system32\WININET.dll
ModLoad: 01790000 01799000   C:\WINDOWS\system32\Normaliz.dll
ModLoad: 5dca0000 5dce5000   C:\WINDOWS\system32\iertutil.dll
ModLoad: 76f60000 76f8c000   C:\WINDOWS\system32\WLDAP32.dll
ModLoad: 74e30000 74e9c000   C:\WINDOWS\system32\RichEd20.dll
ModLoad: 20000000 202c5000   C:\WINDOWS\system32\xpsp2res.dll
ModLoad: 5cb00000 5cb6e000   C:\WINDOWS\system32\shimgvw.dll
ModLoad: 4ec50000 4edf3000   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
(ed4.988): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=0000001c ecx=0012f108 edx=00130000 esi=00000483 edi=0041b0c4
eip=0059b5a4 esp=0011ef50 ebp=0011ef88 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202
*** WARNING: Unable to verify checksum for image00400000
*** ERROR: Module load completed but symbols could not be loaded for image00400000
image00400000+0x19b5a4:
0059b5a4 8902            mov     dword ptr [edx],eax  ds:0023:00130000=78746341
0:000> !load MSEC.dll
0:000> !exploitable -v
HostMachine\HostUser
Executing Processor Architecture is x86
Debuggee is in User Mode
Debuggee is a live user mode debugging session on the local machine
Event Type: Exception
Exception Faulting Address: 0x130000
First Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Exception Sub-Type: Write Access Violation
Exception Hash (Major/Minor): 0x6f00020e.0x4621230e
Stack Trace:
image00400000+0x19b5a4
image00400000+0x19b73d
image00400000+0x19b9b3
Instruction Address: 0x000000000059b5a4
Description: User Mode Write AV
Short Description: WriteAV
Exploitability Classification: EXPLOITABLE
Recommended Bug Title: Exploitable - User Mode Write AV starting at image00400000+0x000000000019b5a4 (Hash=0x6f00020e.0x4621230e)
User mode write access violations that are not near NULL are exploitable.