+-------------------------------------------------------------------------+ | This file has been generated by The Iron-Ox Tools | | CopyLeft (c) 2010-2017/VxJump, | | by nEINEI | | Automated Exploit Analysis Tools | +-------------------------------------------------------------------------+ **************************************** 2017/12/26 06:57:17.331 Current Target Process:C:\Program Files\Microsoft Office\Office12\WINWORD.EXE **************************************** OS Version :Windows Win7 Exploit Type:"Office Macro level"Attacking attempt bypass ASLR+DEP+CFI. The functions of Vulnerability:Flash ocx:0x00309a6c 00309A6C: 809A 3000EB19C0 SBB BYTE PTR DS:[EDX+19EB0030],C0H ; 00309A73: 7401 JZ 00309A76 ; 00309A75: 0000 ADD BYTE PTR DS:[EAX],AL ; 00309A77: 0098 A08C0601 ADD BYTE PTR DS:[EAX+01068CA0],BL ; 00309A7D: 0000 ADD BYTE PTR DS:[EAX],AL ; 00309A7F: 00 9C9A 30008E2C ADD BYTE PTR DS:[EBX*4+EDX+2C8E0030H],BL ; 00309A86: BA 6398A08C MOV EDX, 8CA09863 ; 00309A8B: 06 PUSH ES ; Push ES register to the stack 00309A8C: 98 CWDE ; 00309A8D: 9A 3000029C 3000 CALL 0030:9C020030 ; Far call 00309A94: 0000 ADD BYTE PTR DS:[EAX],AL ; 00309A96: 0000 ADD BYTE PTR DS:[EAX],AL ; 00309A98: 0000 ADD BYTE PTR DS:[EAX],AL ; 00309A9A: 0000 ADD BYTE PTR DS:[EAX],AL ; 00309A9C: 349B XOR AL, 9B ; 00309A9E: 3000 XOR BYTE PTR DS:[EAX],AL ; 00309AA0: 0BC0 OR EAX, EAX ; 00309AA2: BA 6398A08C MOV EDX, 8CA09863 ; 00309AA7: 06 PUSH ES ; Push ES register to the stack 00309AA8: 5C POP ESP ; //-------------------------------------------------------------------------------------------------------