Winlog Lite SCADA HMI System SEH Overwrite Exploit

Summary

Winlog Lite SCADA HMI system SEH suffers from overwrite vulnerability

Credit:

The information has been provided by Ciph3r.


Details

Vulnerable Systems:
 * Winlog Lite SCADA HMI System

After run Winlog Lite SCADA HMI SYSTEM go to Tools Menu and Application Builder So , we can inject our Data to Application Name and Select Build Bottom after attach program to debugger :

9986 byte A + Pointer to next SEH record (6 byte jmp) +
SE handler –> Non-SafeSEH Address for bypass SafeSEH Protection(0x32450A7B) + NOP + jmp ESP (0x7C86467B) + shellcode

Disclosure Timeline:
Published: 2012-08-29

Categories: Exploits