CyberLink Power2Go "name" attribute (.p2g) Stack Buffer Overflow Exploit #329
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 5 commits
April 12, 2012 13:10
…nnotateX.dll Uninitialized Pointer Remote Code Execution
…talled by default on alot of HP notebooks along with the CD installer. Not quite sure this was exploited earlier..
|
Focusing on product testing right now, but I will get to this, thanks. |
|
oh... I just noticed that this branch is also the same branch as the annotation activeX exploit, which appears to be an older version of what we have now. mr_me, could you please create a new branch instead, move your cyberlink exploit to it, and then do a new pull request? That way the cyberlink exploit is a separate request, not mixed with annotation activeX. Thanks. |
|
yeah np, sorry git noobness is shinning |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Not sure why there was no exploit written for this vulnerability. Finding the gadget was easy.
Original poc crash by modpr0be: http://www.exploit-db.com/exploits/18220/
CVE: ?
Tested on xp/vista/win7 using power2go v8.x