Cam2pc BMP Image Processing Integer Overflow Vulnerability

vendor:

Cam2pc

by:

coolkaveh

7,5

CVSS

HIGH

Integer Overflow

190

CWE

Product Name: Cam2pc

Affected Version From: 4.6.2 Freeware

Affected Version To: Other versions may also be affected.

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP3 ENG

2013

Cam2pc BMP Image Processing Integer Overflow Vulnerability

Cam2pc is prone to an integer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Exploiting this issue could allow an attacker to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in a denial-of-service condition.

Mitigation:

Input validation should be used to ensure that untrusted data is not allowed to affect the control flow of a program.

Source

Exploit-DB raw data:

Application:  Cam2pc BMP Image Processing Integer Overflow Vulnerability
Platforms:    Windows
Vendor  : http://www.nabocorp.co
Versions :    The vulnerability is confirmed in version 4.6.2 Freeware
Edition Other versions may also be affected.
Date     :    2013-03-13
Contact  :    kavehghaemmaghami@googlemail.com
Twitter  :    @coolkaveh
tested   :    Windows XP SP3 ENG
Discovered by   :coolkaveh

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

1) Introduction
2) Report Timeline
3) Technical details
4) POC


------------------------------------------------------------------------------------------------------------------------------------------------------------------------

===============
1) Introduction
===============

Cam2pc is the tool for digital camera: from picture download to
browsing and viewing, cam2pc has all
The features to ease digital imaging life. Editing images, and manage
all the processes
(rotate, zoom, adjust brightness and contrast, fix red eyes). Browse
and fine your media files, view
Images and videos, transfer photos from digital camera, produce fun
content out of your favorite images:
Make Web albums, galleries, and slideshows.

(http://www.nabocorp.com/)

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

============================
2) Report Timeline
============================

2013-01-15: Vulnerability reported to vendor
No response has been received
2013-02-05: Vulnerability reported again to vendor
No response has been received
2013-02-26: Vulnerability reported again to vendor
No response has been received
2013-03-13: Public Disclosure

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

============================
3) Technical details
============================
The vulnerability is caused due to an integer overflow error in the
cam2pc.exe When allocating memory
For BITMAP INFO HEADER (biHeight) values. This can be exploited to cause
a heap-based buffer overflow
Via a specially crafted BMP,JPG,TIF file.

Successful exploitation may allow execution of arbitrary code, but
requires tricking a user into opening a malicious file.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

===========
4) POC
===========

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/24743.rar

Password for attached rar file is 123