QEMU code_gen_buffer overflow POC
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: QEMU code_gen_buffer overflow POC
- From: TeLeMan <geleman@xxxxxxxxx>
- Date: Sat, 1 Dec 2007 00:26:53 +0800
This POC is a Windows exe and was tested on QEMU v0.9.0 (guest OS is
Windows XP SP2).
This overflow will overwrite the TranslationBlock buffer.
--
SUN OF A BEACH
Attachment:
qemu-dos.rar
Description: Binary data
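The post does not include source, only a binary, so the following is an added illustration of the bug class it names and not QEMU's code or TeLeMan's POC: a JIT translation cache where generated host code is emitted into a fixed-size buffer and the TranslationBlock descriptors are laid out directly after it. Every size, field name and layout below is an assumption made for the demo. The unchecked translator runs off the end of the code buffer and trashes the descriptor of an earlier block; the hardened one reserves a worst-case amount of space before generating and refuses (so the caller can flush the cache and retry) instead of spilling.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added illustration, not QEMU's own code. Layout modelled here:
 *   [ code_gen_buffer (host code) | TranslationBlock descriptors ]
 * All sizes are made up for the demo so the overrun is visible.
 */
#define CODE_GEN_BUFFER_SIZE 64u   /* bytes of host code the cache can hold */
#define MAX_TBS              2u    /* descriptors that follow the buffer     */
#define MAX_TB_CODE          48u   /* assumed worst-case host code per block  */

typedef struct {
    uint32_t pc;        /* guest PC the block starts at              */
    uint32_t code_off;  /* offset of its host code inside the buffer */
    uint32_t size;      /* host bytes it occupies                    */
} TranslationBlock;

typedef struct {
    /* one arena so that the overrun stays inside a single C object */
    uint8_t mem[CODE_GEN_BUFFER_SIZE + MAX_TBS * sizeof(TranslationBlock)];
    size_t code_ptr;    /* next free byte of host code  */
    size_t nb_tbs;      /* descriptors handed out so far */
} TbCache;

static void tb_read(const TbCache *c, size_t i, TranslationBlock *tb) {
    memcpy(tb, c->mem + CODE_GEN_BUFFER_SIZE + i * sizeof *tb, sizeof *tb);
}

static void tb_write(TbCache *c, size_t i, const TranslationBlock *tb) {
    memcpy(c->mem + CODE_GEN_BUFFER_SIZE + i * sizeof *tb, tb, sizeof *tb);
}

/* Stand-in for the code generator: emits host_bytes of 0xCC (int3) at code_ptr.
 * It is clamped to the arena only so the demo never leaves the object. */
static void gen_code(TbCache *c, size_t host_bytes) {
    size_t room = sizeof c->mem - c->code_ptr;
    if (host_bytes > room) host_bytes = room;
    memset(c->mem + c->code_ptr, 0xCC, host_bytes);
}

/* Vulnerable shape: trusts that a block never exceeds the space that is left. */
static void translate_unchecked(TbCache *c, uint32_t pc, size_t host_bytes) {
    gen_code(c, host_bytes);                       /* may run past the buffer */
    TranslationBlock tb = { pc, (uint32_t)c->code_ptr, (uint32_t)host_bytes };
    tb_write(c, c->nb_tbs++, &tb);
    c->code_ptr += host_bytes;
}

/* Hardened shape: check for a worst-case block before generating anything and
 * refuse rather than spill. A real translator only learns the final size while
 * emitting, so the emitter itself must stop at MAX_TB_CODE; here the size is a
 * parameter, so the bound is checked up front. */
static bool translate_checked(TbCache *c, uint32_t pc, size_t host_bytes) {
    if (c->nb_tbs >= MAX_TBS)
        return false;                              /* descriptor table full   */
    if (c->code_ptr + MAX_TB_CODE > CODE_GEN_BUFFER_SIZE)
        return false;                              /* caller flushes, retries */
    if (host_bytes > MAX_TB_CODE)
        return false;                              /* bound violated: stop    */
    gen_code(c, host_bytes);
    TranslationBlock tb = { pc, (uint32_t)c->code_ptr, (uint32_t)host_bytes };
    tb_write(c, c->nb_tbs++, &tb);
    c->code_ptr += host_bytes;
    return true;
}

/* Two 40-byte blocks into a 64-byte buffer: the second one overruns the buffer
 * and overwrites the first block's descriptor with 0xCC bytes. */
uint32_t demo_unchecked_tb0_pc(void) {
    TbCache c = {0};
    translate_unchecked(&c, 0x1000, 40);
    translate_unchecked(&c, 0x2000, 40);
    TranslationBlock tb;
    tb_read(&c, 0, &tb);
    return tb.pc;                                  /* 0xCCCCCCCC, not 0x1000 */
}

/* Same workload through the checked path: the second block is refused and the
 * first descriptor survives intact. */
uint32_t demo_checked_tb0_pc(void) {
    TbCache c = {0};
    translate_checked(&c, 0x1000, 40);
    translate_checked(&c, 0x2000, 40);
    TranslationBlock tb;
    tb_read(&c, 0, &tb);
    return tb.pc;                                  /* 0x1000 */
}

bool demo_checked_second_block_accepted(void) {
    TbCache c = {0};
    translate_checked(&c, 0x1000, 40);
    return translate_checked(&c, 0x2000, 40);      /* false: needs a flush */
}

int main(void) {
    printf("unchecked: tb[0].pc = 0x%08x\n", demo_unchecked_tb0_pc());
    printf("checked:   tb[0].pc = 0x%08x, second block accepted = %d\n",
           demo_checked_tb0_pc(), demo_checked_second_block_accepted());
    return 0;
}
```

The point a reviewer of such a cache wants to see is that the space check happens before code generation and against an upper bound the emitter actually enforces; a check that only compares the remaining room against an assumed maximum is only as good as that assumption, and any guest block that produces more host code than the assumed worst case walks straight into whatever follows the buffer.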