BeyondCHM 1.1 - Buffer Overflow

EDB-ID:

18776

CVE:



Author:

shinnai

Type:

dos


Platform:

Windows

Date:

2012-04-24


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
=============================================================================
 BeyondCHM 1.1 Buffer Overflow (price 32.56 EUR)
 Url: http://www.beyondchm.com/

 Author: shinnai
 mail:   shinnai[at]autistici[dot]org
 site:   http://shinnai.altervista.org/

 This was written for educational purpose. Use it at your own risk.
 Author will be not responsible for any damage.

 Tested on:
 Microsoft Windows 7 Professional 
 6.1.7601 Service Pack 1 build 7601

 Info (http://www.beyondchm.com/):
 Beyond CHM is a powerful chm reader and chm editor, It enables user to
 open multiple tabs at the same time. With this CHM viewer, user can edit
 CHM files, including highlighting CHM text, changing font and font size,
 removing contents, adding comments and so on, all the changes can be saved
 persistently. Additionally, user can switch Beyond CHM between reader
 mode and editor mode easily. In reader mode, users can zoom on CHM pages
 and navigate among CHM pages easily. Beyond CHM is a good Microsoft HTML
 Help Tool replacement, which supports nearly all Windows operation systems.
 
 PoC released as is, I have no time at the moment for further investigations
 
=============================================================================
=============================================================================

 Crafting a .chm file is possible to cause a stack based buffer overflow.

 PoC: http://shinnai.altervista.org/exploits/chm.rar
      https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/18776.rar

=============================================================================
=============================================================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)

iQIcBAEBAgAGBQJPllNzAAoJEJlK/ai8vywmNcQQALVZzxXPZOLM8ghXeFoIZk1Y
zumWMQdE4TLQcwg2WNUcGzSvTLss/xMHdBDsHlzXslTBKYwN2W8BBCD0H8MLnhuE
3Vei9nokJDAy6ZKYL8rOeIcuknHIDwf4fjsejDnH1LDdPlKooB+4tYkpGbUcff96
RD4plKA/Olp4SlNPT2U3cEK940ahf6G9W2LGunWgB6jsydudAWUzgVG+sLI+kOmK
QAEe6aHsBVzR8zPHJzggkescICcQVxHdg/ppYxRr5lzeyEYUkHS+aY4k3Mr5U2My
E0l5QMCozoeSQPujW6U3U91TqkXpjViSuoaY+1v6shxyQbSvtHd6946YUMl7qMCI
xzAeofga7JCErH1lltVbUKUnoy6fmbd5F9x2TRIVUSdtoPEFgiHBi0HCRHimx/XS
Cxs/LDRyvM0oAYfbiEqRFm/bkoBxScMVQmXq+ZxRFYfihpU/U2jCfY3yk1E4UAsy
0PL0DVUtvt2Fro09pobXkYlVbRjH4BJwu9/Y4Ko/ZMqWFLDmGGEQiDtRB60n3oNm
k2CmmsVWTmYpIJ6Rlt3azIYRGCqRGALiB9Eph7WcZnij6y4PwSsNpf6uMZH864EM
J3QTi2Xhn+zEq4XEU7IHRRrFyJQOF+0TUV+qYMR+NuBmPhWXk27n6AXQJbu+RjAm
8dBjL95Ghi8s0VQt4rjb
=3c+B
-----END PGP SIGNATURE-----