Cam2pc 4.6.2 – ‘.BMP’ Image Processing Integer Overflow

  • Author: coolkaveh
    Date: 2013-03-13
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/24743/
  • Application: Cam2pc BMP Image Processing Integer Overflow Vulnerability
    Platforms: Windows
    Vendor: http://www.nabocorp.co
    Versions: The vulnerability is confirmed in version 4.6.2 Freeware
    Edition. Other versions may also be affected.
    Date: 2013-03-13
    Contact: kavehghaemmaghami@googlemail.com
    Twitter: @coolkaveh
    Tested: Windows XP SP3 ENG
    Discovered by: coolkaveh
    
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    
    1) Introduction
    2) Report Timeline
    3) Technical details
    4) POC
    
    
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    
    ===============
    1) Introduction
    ===============
    
    Cam2pc is the tool for digital cameras: from picture download to
    browsing and viewing, cam2pc has all the features to ease digital
    imaging life. Edit images and manage all the processes (rotate, zoom,
    adjust brightness and contrast, fix red eyes). Browse and find your
    media files, view images and videos, transfer photos from a digital
    camera, and produce fun content out of your favorite images: make Web
    albums, galleries, and slideshows.
    
    (http://www.nabocorp.com/)
    
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    
    ============================
    2) Report Timeline
    ============================
    
    2013-01-15: Vulnerability reported to vendor
    No response has been received
    2013-02-05: Vulnerability reported again to vendor
    No response has been received
    2013-02-26: Vulnerability reported again to vendor
    No response has been received
    2013-03-13: Public Disclosure
    
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    
    ============================
    3) Technical details
    ============================
    The vulnerability is caused by an integer overflow error in
    cam2pc.exe when allocating memory based on BITMAPINFOHEADER
    (biHeight) values. This can be exploited to cause a heap-based
    buffer overflow via a specially crafted BMP, JPG or TIF file.
    
    Successful exploitation may allow execution of arbitrary code, but
    requires tricking a user into opening a malicious file.
    
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    
    ===========
    4) POC
    ===========
    
    https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/24743.rar
    
    Password for attached rar file is 123
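
The class of bug described in section 3, shown as an added example that is not part of the original advisory and is not cam2pc's code. It assumes the common pattern where the pixel buffer size is computed as row stride times biHeight in 32-bit arithmetic, and places a checked replacement beside it. The function names, the sample dimensions and the 256 MiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Illustrative upper bound for this example; not taken from the advisory. */
#define MAX_PIXEL_BYTES ((uint64_t)256 * 1024 * 1024)

/* Fragile pattern: 32-bit arithmetic on header fields wraps silently. */
static uint32_t naive_pixel_bytes(int32_t width, int32_t height, uint16_t bpp)
{
    uint32_t stride = (((uint32_t)width * bpp + 31u) / 32u) * 4u;
    return stride * (uint32_t)height;      /* result is taken modulo 2^32 */
}

/* Checked form: returns 0 and sets *out, or -1 to reject the header. */
static int checked_pixel_bytes(int32_t width, int32_t height, uint16_t bpp,
                               size_t *out)
{
    uint64_t rows, stride;

    if (width <= 0 || height == 0)
        return -1;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
        return -1;

    /* A negative biHeight marks a top-down bitmap; use its magnitude. */
    rows = (uint64_t)(height < 0 ? -(int64_t)height : (int64_t)height);
    /* Rows are padded to 4 bytes; 64-bit math cannot wrap for these ranges. */
    stride = (((uint64_t)width * bpp + 31u) / 32u) * 4u;

    /* Divide instead of multiplying so the bound check itself cannot wrap. */
    if (stride > MAX_PIXEL_BYTES / rows)
        return -1;
    *out = (size_t)(stride * rows);
    return 0;
}

int main(void)
{
    /* Constructed header values: 0x10000-byte rows times 0x10001 rows. */
    int32_t w = 0x4000, h = 0x10001;
    size_t n = 0;

    printf("naive:   %u bytes\n", (unsigned)naive_pixel_bytes(w, h, 32));
    printf("checked: %s\n", checked_pixel_bytes(w, h, 32, &n) ? "rejected" : "ok");
    return 0;
}
```

With the constructed dimensions, the 32-bit product wraps to the size of a single row, so a decoder that then copies biHeight rows writes far past the allocation; the checked form rejects the header before any allocation happens.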