vendor:
VeryPDF HTML Converter
by:
Robbie Corley
7.5
CVSS
HIGH
SEH based buffer overflow
CWE
Product Name: VeryPDF HTML Converter
Affected Version From: 2
Affected Version To: 2
Patch Exists: YES
Related CWE:
CPE: a:verypdf:html_converter:2.0
Platforms Tested: Windows 7 (x86/x64)
2015
VeryPDF HTML Converter v2.0 SEH/ToLower() Bypass Buffer Overflow
The [ADD URL] feature in VeryPDF HTML Converter v2.0 is vulnerable to an SEH based buffer overflow. This can be exploited by constructing a payload of ASCII characters that contain the payload and pasting it into the textbox. The program's textbox converts ALL pasted data to lowercase, so the Alpha3 tool is used to encode the shellcode into a numerical format to bypass the filter. The exploit also utilizes a null terminated SEH address to gain universal exploitation across all current Windows OSes. The shellcode is placed in the buffer itself since it cannot execute after the buffer (after SEH) due to the null byte cutting off the remaining pieces of the string.
Mitigation:
Patch exists for this vulnerability. Upgrade to the latest version of VeryPDF HTML Converter.