Ollydbg 1.10 local format string vulnerability
extremis <extremisexploitorg> Monday, April 23 2007 13:50.08 CDT


http://www.milw0rm.com/exploits/3757

This PoC performs code execution to launch calc.exe. Should be simple to modify.

I wonder how long before it is used.

Comments
pedram Posted: Monday, April 23 2007 18:40.15 CDT
Isn't this the same issue that has been known for quite some time? Format string in processing of OutputDebugString() messages:

http://www.openrce.org/reference_library/anti_reversing_view/21/

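The bug class pedram names above, as an added illustration that is not code from OllyDbg, the PoC, or anyone in this thread: a debugger-side logging helper (hypothetical, named `log_debug_event`) is given the debuggee's OutputDebugString text directly as its format argument instead of as a `%s` parameter. The harmless constructed message `100%% complete` is enough to show the difference, because the vulnerable path collapses `%%` to `%` (proving the string was interpreted as a format) while the hardened path echoes it unchanged. A small `message_has_directives` check is included as the kind of signal a debugger could log or flag before rendering a debuggee-supplied string.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style log routine standing in for whatever a debugger
 * uses to render OutputDebugString() text. Not OllyDbg's code. */
static char log_buf[256];

static const char *log_debug_event(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(log_buf, sizeof log_buf, fmt, ap);
    va_end(ap);
    return log_buf;
}

/* VULNERABLE pattern: the debuggee-controlled string becomes the format
 * string itself, so any %-directives in it are interpreted by vsnprintf. */
static const char *show_debug_string_vulnerable(const char *from_debuggee) {
    return log_debug_event(from_debuggee);
}

/* HARDENED pattern: the string is only ever an argument to a fixed,
 * literal format, so its contents are copied verbatim. */
static const char *show_debug_string_safe(const char *from_debuggee) {
    return log_debug_event("%s", from_debuggee);
}

/* Defensive check: does a debuggee-supplied string contain a format
 * directive? "%%" is a literal percent and is ignored; a lone or trailing
 * '%' counts as a directive. Returns 1 if found, 0 otherwise. */
static int message_has_directives(const char *s) {
    for (const char *p = s; (p = strchr(p, '%')) != NULL; p++) {
        if (p[1] == '%') { p++; continue; }
        return 1;
    }
    return 0;
}

int main(void) {
    /* Constructed sample message; deliberately contains no arguments-consuming
     * directive so both paths are well-defined. */
    const char *benign = "100%% complete";
    printf("vulnerable: %s\n", show_debug_string_vulnerable(benign));
    printf("safe:       %s\n", show_debug_string_safe(benign));
    printf("directives in \"%%p %%n\": %d\n", message_has_directives("%p %n"));
    return 0;
}
```

The fix in a real handler is the one-token change from `log(msg)` to `log("%s", msg)`; marking the helper with `__attribute__((format(printf, 1, 2)))` on GCC/Clang makes the compiler flag the non-literal format at build time.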
anonymouse Posted: Tuesday, April 24 2007 00:08.44 CDT
And isn't there an N number of unofficial patches available to thwart this problem?

Including a ready-made tool called RE-Pair by crudd?

http://exetools.com/forum/showthread.php?t=6507&page=1&pp=15

Piotr Posted: Sunday, April 29 2007 01:50.14 CDT

Holy cow, I released the same bug on 15/03/2005, and even though it seems it was previously known. Well, it's funny to see someone more out-of-date than me, finally :) *grin*

Some urls:
http://piotrbania.com/all/adv/olly-adv.txt
http://piotrbania.com/all/adv/POC/OllyPOC.zip


anonymouse Posted: Sunday, April 29 2007 11:07.02 CDT
I saw that long, long back.

IIRC this thread was the hot news then, I think:

http://www.woodmann.com/forum/showthread.php?t=6153&highlight=ollydbg+format+string