CVE-2009-0689

This code is a minimal stub demonstrating the strtod function call with a malformed input string, which was reported to trigger a memory corruption vulnerability in Mac OS X 10.5 and 10.6. However, it lacks exploit payloads or mechanisms to achieve arbitrary code execution.

This exploit leverages a memory corruption vulnerability in MATLAB R2009b due to improper bounds-checking of array indices. The PoC uses a PHP script to generate a large string to trigger the vulnerability, potentially leading to arbitrary code execution.

This exploit leverages a memory corruption vulnerability in Opera Web Browser by creating an extremely long floating-point number in JavaScript, which can lead to remote code execution or denial-of-service conditions.

This exploit leverages a memory corruption vulnerability in KDELibs by crafting a maliciously large floating-point number in JavaScript, which can lead to remote code execution or denial-of-service conditions.

The exploit demonstrates a remote array overrun vulnerability in KDELibs 4.3.3 due to a flaw in the dtoa implementation, allowing arbitrary code execution via a crafted JavaScript float value.

The exploit demonstrates a remote array overrun vulnerability in SeaMonkey 1.1.18 due to a flaw in the dtoa implementation, allowing arbitrary code execution via a crafted JavaScript float value.

This exploit leverages a dtoa implementation flaw in Opera 10.01, causing an array overrun via a maliciously crafted floating-point number in JavaScript, leading to arbitrary code execution.

This exploit demonstrates a remote array overrun vulnerability in K-Meleon 1.5.3 due to improper handling of long float numbers in the dtoa implementation, leading to arbitrary code execution. The PoC uses a JavaScript snippet to trigger the vulnerability by creating an excessively long float value.

This exploit leverages a heap-based buffer overflow in Mozilla Firefox by using a maliciously crafted JavaScript script with an extremely long string to trigger arbitrary code execution or denial-of-service conditions.

The exploit demonstrates a memory corruption vulnerability in multiple BSD distributions due to improper bounds-checking in printf's floating-point formatting. The PoC triggers the issue using crafted format strings, potentially leading to arbitrary code execution.

This is a detailed writeup describing a remote array overrun vulnerability in Mozilla Sunbird 0.9, leading to arbitrary code execution. The vulnerability is due to an issue in the dtoa implementation in js3250.dll, allowing memory corruption via crafted float values.

This repository contains a functional exploit for CVE-2009-0689, targeting a vulnerability in the Wii's str2hax exploit chain. It includes a chain builder, loader, and payload components designed to achieve remote code execution by manipulating heap structures and executing crafted instructions.