http://estatistic.planetaclix.pt/downlo ... hed.tar.gz
It already contains the fix to the previous exploit.
Below are the original and the patched instructions of the dynamic executable; the patched version prevents the new exploit:
bfv_linded.dynamic v1.2 (original)
; Original code, as an objdump-style listing: address, raw bytes, instruction
; (32-bit x86, Intel syntax). This is an excerpt from the middle of a function:
; the flags tested by the first `je` are set before 8759021 (`mov` leaves them
; untouched), and the exit target 8758151 is outside the excerpt.
; [ebp+8] and [ebp+0x10] are presumably the first and third stack arguments of
; the enclosing function (standard ebp frame) - confirm against the prologue.
8759021: 89 c3 mov ebx,eax                    ; keep a copy of eax for the second call below
8759023: 0f 84 28 f1 ff ff je 8758151         ; early exit on ZF from the preceding (unseen) instruction
8759029: 89 04 24 mov DWORD PTR [esp],eax
875902c: e8 af a0 fd ff call 87330e0          ; helper not shown; takes eax as its only stacked argument
8759031: 85 c0 test eax,eax
8759033: 0f 84 18 f1 ff ff je 8758151         ; early exit when the helper returns 0
8759039: 89 1c 24 mov DWORD PTR [esp],ebx
875903c: e8 9f a0 fd ff call 87330e0          ; same helper, same argument; result stays in eax
8759041: 8b 55 08 mov edx,DWORD PTR [ebp+8]
8759044: 8b 5d 10 mov ebx,DWORD PTR [ebp+0x10]
8759047: 8b 7d 08 mov edi,DWORD PTR [ebp+8]
875904a: 8b 0a mov ecx,DWORD PTR [edx]        ; first dword of the object at [ebp+8]; looks like a vtable pointer - confirm
875904c: ba 01 00 00 00 mov edx,1
8759051: 89 54 24 0c mov DWORD PTR [esp+0xc],edx    ; stacked arg 3 = 1
; The byte at offset 0xd of the structure in [ebp+0x10] is zero-extended and
; handed to the indirect call as-is: nothing in this excerpt limits its range.
8759055: 0f b6 53 0d movzx edx,BYTE PTR [ebx+0xd]
8759059: 89 44 24 04 mov DWORD PTR [esp+4],eax      ; stacked arg 1 = helper result
875905d: 89 3c 24 mov DWORD PTR [esp],edi           ; stacked arg 0 = object from [ebp+8]
8759060: 89 54 24 08 mov DWORD PTR [esp+8],edx      ; stacked arg 2 = unchecked byte (0..255)
8759064: ff 91 88 01 00 00 call DWORD PTR [ecx+0x188]   ; indirect call through the table entry at +0x188
875906a: e9 e2 f0 ff ff jmp 8758151
875906f: 90 nop
bfv_linded.dynamic v1.2 (patched)
; Patched code for the same address range (8759021..875906f), objdump-style
; listing: address, raw bytes, instruction (32-bit x86, Intel syntax).
; The addresses are virtual addresses of this exact build, not file offsets;
; before overwriting anything, check that the bytes currently at 8759021 match
; the original listing, otherwise the binary is a different version.
; The flags tested by the first `je` are set before 8759021, outside the excerpt.
; Every early exit now goes to 8759055, which jumps on to 8758151.
8759021: 74 32 je 8759055                     ; early exit on ZF from the preceding (unseen) instruction
; The two calls to 87330e0 are replaced by one inline load. This presumably
; mirrors what that helper returns (the dword at offset 4 of its argument);
; the helper body is not shown, so confirm before relying on it.
8759023: 8b 40 04 mov eax,DWORD PTR [eax+4]
8759026: 85 c0 test eax,eax
8759028: 74 2b je 8759055                     ; early exit when the loaded value is 0
875902a: 8b 5d 10 mov ebx,DWORD PTR [ebp+0x10]
875902d: 0f b6 53 0d movzx edx,BYTE PTR [ebx+0xd]   ; byte at offset 0xd, zero-extended (0..255)
; Range check added by the patch: after the decrement an unsigned compare
; against 1 accepts only the original values 1 and 2. A byte of 0 wraps to
; 0xFFFFFFFF and is rejected together with everything >= 3.
8759031: 4a dec edx
8759032: 83 fa 01 cmp edx,1
8759035: 77 1e ja 8759055                     ; unsigned "above": skip the indirect call for out-of-range values
8759037: 42 inc edx                           ; restore the original value (1 or 2)
8759038: 8b 7d 08 mov edi,DWORD PTR [ebp+8]
875903b: 31 c9 xor ecx,ecx
875903d: 41 inc ecx                           ; ecx = 1 in 3 bytes instead of the 5-byte mov imm32
875903e: 89 4c 24 0c mov DWORD PTR [esp+0xc],ecx    ; stacked arg 3 = 1
8759042: 89 54 24 08 mov DWORD PTR [esp+8],edx      ; stacked arg 2 = checked byte
8759046: 89 44 24 04 mov DWORD PTR [esp+4],eax      ; stacked arg 1 = value loaded from [eax+4]
875904a: 89 3c 24 mov DWORD PTR [esp],edi           ; stacked arg 0 = object from [ebp+8]
875904d: 8b 0f mov ecx,DWORD PTR [edi]        ; first dword of that object; looks like a vtable pointer - confirm
875904f: ff 91 88 01 00 00 call DWORD PTR [ecx+0x188]   ; same indirect call target as before the patch
8759055: e9 f7 f0 ff ff jmp 8758151
; Single-byte NOP padding up to 8759070, so the patched range keeps the same
; length and the code after it stays at its addresses.
875905a: 90 90 90 90 90 90 90 nop
8759061: 90 90 90 90 90 90 90 nop
8759068: 90 90 90 90 90 90 90 nop
875906f: 90 nop