lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CADe7mMd3cK8CvDzG4CzkdBNNifs7eGZm-iGMNn6MfwKz-XDRjA@mail.gmail.com>
Date: Tue, 12 Mar 2013 07:35:40 -0700
From: kaveh ghaemmaghami <kavehghaemmaghami@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Cam2pc BMP Image Processing Integer Overflow
	Vulnerability

Application:  Cam2pc BMP Image Processing Integer Overflow Vulnerability
Platforms:    Windows
Versions :    The vulnerability is confirmed in version 4.6.2 Freeware
Edition Other versions may also be affected.
Date     :    2013-03-32
Contact  :    kavehghaemmaghami@...glemail.com
Twitter  :    @coolkaveh
tested   :    Windows XP SP3 ENG

Discovered by   :  Kaveh Ghaemmaghami AKA (coolkaveh)

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

1) Introduction
2) Report Timeline
3) Technical details
4) POC


------------------------------------------------------------------------------------------------------------------------------------------------------------------------

===============
1) Introduction
===============

Cam2pc is the tool for digital camera: from picture download to
browsing and viewing, cam2pc has all
The features to ease digital imaging life. Editing images, and manage
all the processes
(rotate, zoom, adjust brightness and contrast, fix red eyes). Browse
and fine your media files, view
Images and videos, transfer photos from digital camera, produce fun
content out of your favorite images:
Make Web albums, galleries, and slideshows.

(http://www.nabocorp.com/)

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

============================
2) Report Timeline
============================

2013-01-15: Vulnerability reported to vendor
No response has been received
2013-02-05: Vulnerability reported again to vendor
No response has been received
2013-02-26: Vulnerability reported again to vendor
No response has been received
2013-03-012: Public Disclosure

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

============================
3) Technical details
============================
The vulnerability is caused due to an integer overflow error in the
cam2pc.exe When allocating memory
For BITMAPINFOHEADER(biHeight) values. This can be exploited to cause
a heap-based buffer overflow
Via a specially crafted BMP,JPG,TIF file.

Successful exploitation may allow execution of arbitrary code, but
requires tricking a user into opening a malicious file.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

===========
4) POC
===========

See attached file
Password for attached rar file is 123

Download attachment "cam2pc.rar" of type "application/rar" (119513 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ