Crimson Editor - Overwrite (SEH)

EDB-ID:

11803

CVE:


Author:

sharpe

Type:

dos

Platform:

Windows

Published:

2010-03-18

A vulnerability exists in the way Crimson Editor reads file types from within configuration files and can be exploited, by malicious people, to compromise a vulnerable system.

Successful exploitation of this vulnerability allows an attacker to execute arbitrary code, by tricking a user into using a maliciously constructed configuration file (cedt.cfg).

This vulnerability is confirmed in Crimson Editor version 3.70.

A PoC configuration file can be downloaded here:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/11803.zip (cedt.zip)


Ref:

    * http://www.crimsoneditor.com/