-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
=============================================================================
BeyondCHM 1.1 Buffer Overflow (price 32.56 EUR)
Url: http://www.beyondchm.com/

Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org/

This was written for educational purposes. Use it at your own risk.
The author will not be responsible for any damage.

Tested on:
Microsoft Windows 7 Professional
6.1.7601 Service Pack 1 build 7601

Info (http://www.beyondchm.com/):
Beyond CHM is a powerful CHM reader and CHM editor. It enables users to
open multiple tabs at the same time. With this CHM viewer, users can edit
CHM files, including highlighting CHM text, changing font and font size,
removing contents, adding comments and so on; all the changes can be saved
persistently. Additionally, users can switch Beyond CHM between reader
mode and editor mode easily. In reader mode, users can zoom on CHM pages
and navigate among CHM pages easily. Beyond CHM is a good Microsoft HTML
Help Tool replacement, which supports nearly all Windows operating systems.

PoC released as is; I have no time at the moment for further investigations.

=============================================================================
=============================================================================

By crafting a .chm file it is possible to cause a stack-based buffer overflow.

PoC: http://shinnai.altervista.org/exploits/chm.rar
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/18776.rar

=============================================================================
=============================================================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)

-----END PGP SIGNATURE-----