Vendor: Windows XP
By: Trirat Puttaraksa
CVSS: 7.5 HIGH
Buffer Overflow
CWE: 119
Product Name: Windows XP
Affected Version From: Windows XP SP2
Affected Version To: Windows XP SP2
Patch Exists: NO
Related CWE:
CPE: o:microsoft:windows_xp::sp2
Metasploit:
Other Scripts:
Platforms Tested: Windows XP
2007

Microsoft ANI Buffer Overflow Exploit

This exploit targets a buffer overflow vulnerability in the Microsoft ANI file format. It triggers the vulnerability to execute arbitrary code; in this case, it launches the calculator application. The exploit is provided for educational purposes only.

Mitigation:

Apply the patch released by Microsoft.
Source

Exploit-DB raw data:

Microsoft ANI Buffer Overflow Exploit

Author: Trirat Puttaraksa
http://sf-freedom.blogspot.com

Tested on: Windows XP SP2 fully patched + IE 6 SP2

For educational purposes only

There is a lot of confusion about this vulnerability. Someone said that this could
not be exploited in XP SP2 - that's wrong. I provide this exploit because I
want to tell these people that they are in danger.
This exploit will call calc.exe (shellcode from metasploit win32_exec
CMD=calc.exe EXITFUNC=process).

P.S. I do not include the source code for generating the .ani file because of
its damage. However, if you reverse engineer the .ani file, you will know how
I could produce this exploit in 10 minutes.

I will describe this vulnerability and how to exploit it in my blog
after M$ releases the patch.

greets: used SkyLined's idea of exploitation.  tnx to him.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/3635.zip (04012007-ani.zip)

# milw0rm.com [2007-04-01]