IrfanView – ‘.RLE’ Image Decompression Buffer Overflow

• Exploit Database
• 11 阅读

• 作者： Francis Provencher
  日期： 2012-11-13
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/22680/

• #####################################################################################
  
  Application:IrfanView RLE Image Decompression Buffer Overflow Vulnerability
  Plateform: Windows
  Version: The vulnerabilities are confirmed in version 4.33. Other versions may also be affected.
  Exploitation: Remote code execution
  
  Secunia Number: SA49856
  
  {PRL}: 2012-32
  
  Author: Francis Provencher (Protek Research Lab's)
  
  Website: http://www.protekresearchlab.com/
  
  Twitter: @ProtekResearch
  
  #####################################################################################
  
  1) Introduction
  2) Timeline
  3) Technical details
  4) PoC
  
  
  #####################################################################################
  
  ===============
  1) Introduction
  ===============
  IrfanView is a freeware/shareware image viewer for Microsoft Windows that can view, edit, and convert image files
  and play video/audio files. It is noted for its small size, speed, ease of use, and ability to handle a wide variety of graphic
  file formats, and has some image creation and painting capabilities. The software was first released in 1996.
  IrfanView is free for non-commercial use; commercial use requires paid registration.
  #####################################################################################
  
  ============
  2) Timeline
  ============
  
  2012-07-11 - Vulnerability reported to secunia
  2012-11-12 - Coordinated public release of advisory
  
  #####################################################################################
  
  =================
  3) Technical details
  =================
  An error when processing RLE compressed images can be exploited to cause
  a heap-based buffer overflow via a specially crafted BMP image containing many
  "End of Line" markers within a stream.
  #####################################################################################
  
  =============
  4) The Code
  =============
  
  http://protekresearchlab.com/exploits/PRL-2012-32.rle
  https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22680.tar.gz (PRL-2012-32.rle.tar.gz)