BeyondCHM 1.1 - Buffer Overflow

24 Apr 2012 | Reported by shinnai | Type: exploitdb | Source: www.exploit-db.com

BeyondCHM 1.1 Buffer Overflow on Beyond CHM 1.

Code
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
=============================================================================
 BeyondCHM 1.1 Buffer Overflow (price 32.56 EUR)
 Url: http://www.beyondchm.com/

 Author: shinnai
 mail:   shinnai[at]autistici[dot]org
 site:   http://shinnai.altervista.org/

 This was written for educational purposes. Use it at your own risk.
 The author will not be responsible for any damage.

 Tested on:
 Microsoft Windows 7 Professional 
 6.1.7601 Service Pack 1 build 7601

 Info (http://www.beyondchm.com/):
 Beyond CHM is a powerful chm reader and chm editor. It enables users to
 open multiple tabs at the same time. With this CHM viewer, users can edit
 CHM files, including highlighting CHM text, changing font and font size,
 removing contents, adding comments and so on; all the changes can be saved
 persistently. Additionally, users can switch Beyond CHM between reader
 mode and editor mode easily. In reader mode, users can zoom on CHM pages
 and navigate among CHM pages easily. Beyond CHM is a good Microsoft HTML
 Help Tool replacement, which supports nearly all Windows operating systems.
 
 PoC released as is; I have no time at the moment for further investigation.
 
=============================================================================
=============================================================================

 By crafting a .chm file, it is possible to cause a stack-based buffer overflow.

 PoC: http://shinnai.altervista.org/exploits/chm.rar
      https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/18776.rar

=============================================================================
=============================================================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)

-----END PGP SIGNATURE-----
