Microsoft Internet Explorer TIF/TIFF Code Execution (MS07-055)

セキュリティ

MS07-055TIFFに関するExploitが出ています。(PoCかな)

# Note: This exploit is modified from Hong Gil-Dong, Jeon Woo-chi PoC 
# (http://www.milw0rm.com/exploits/4584)
#
# Internet Explorer has standart ImageBase address and PE Win32 header
# is started at 0x00400000 in memory. So memory cell at the address
# 0x00400008 contains the short value 0x0004 and at the address
# 0x00400011 it contains the long value 0x00000000 in any case.
# I used these addresses for generating of TIFF-file that uses
# vulnerability and for controling of EIP.
#
# This exploit tested on:
#  - Windows 2000 SP4 + IE5.01
#  - Windows 2000 SP4 + IE5.5
#  - Windows 2000 SP4 + IE6.0 SP1

screenshot