# Microsoft Internet Explorer TIF/TIFF Code Execution (MS07-055)
#
# Author: grabarz <grabarz [at] grabarz.info>
#
# Note: This exploit is modified from Hong Gil-Dong, Jeon Woo-chi PoC
# (http://www.milw0rm.com/exploits/4584)
#
# Internet Explorer has standart ImageBase address and PE Win32 header
# is started at 0x00400000 in memory. So memory cell at the address
# 0x00400008 contains the short value 0x0004 and at the address
# 0x00400011 it contains the long value 0x00000000 in any case.
# I used these addresses for generating of TIFF-file that uses
# vulnerability and for controling of EIP.
#
# This exploit tested on:
#  - Windows 2000 SP4 + IE5.01
#  - Windows 2000 SP4 + IE5.5
#  - Windows 2000 SP4 + IE6.0 SP1
#
# Credit: Hong Gil-Dong, Jeon Woo-chi, metasploit, SkyLined
#
# invokes calc.exe if successful

   http://es.wikipedia.org/wiki/TIFF