QEMU code_gen_buffer overflow POC

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: QEMU code_gen_buffer overflow POC
From: TeLeMan <geleman@xxxxxxxxx>
Date: Sat, 1 Dec 2007 00:26:53 +0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; bh=uyRflUCHIQeBr/HWNV0n5irzCYPe3bqpB5cCgSOnB70=; b=rP+SV1/ACC/Bxekk09GzgSp0HbxUpUm6jvg+eFCwV1q9Z+s094xZscRh3APtQxoIDBWmLcNXITm62yypnwO9Zc6rXClLYZLGOWKbtvDZm/rfY5VHygFhCm6PbUuygbqrKmxINf7ZhDZVwAMbQ0n1ORm+r6yr7Na/h+9zJqKmrFY=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=received:message-id:date:from:to:subject:mime-version:content-type; b=rktQVcE4HjmuD/zW9bbIf/guhDtQmsNGiY8PdUMkxulh0TdFVoeeEnTakHsG8fFTRcT6gN+E7/8H+H50n5YUAVCYc9Yw5k4HVh+zOjVevMOcY45usGBHGs2h4SU5Ycc0iyxOAPyRWWn5gTctEi/rMNyEgfJ7Kc4CQV0Dxt9JazQ=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

This POC is a windows exe and was tested on QEMU v0.9.0 (Guest OS is
Windows XP SP2).
This overflow will overwrite the TranslationBlock buffer.

-- 
SUN OF A BEACH

Attachment: qemu-dos.rar
Description: Binary data

Prev by Date: PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method
Next by Date: Re: 27Mhz based wireless security insecurities - Aka - "We know what you typed last summer"
Previous by thread: Re: PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method
Next by thread: rPSA-2007-0255-1 nss_ldap
Index(es):
- Date
- Thread