FastStone Image Viewer 7.5 - .cur BITMAPINFOHEADER (BitCount) Stack Based Buffer Overflow Exploit
Exploit title: FastStone Image Viewer 7.5 - .cur BITMAPINFOHEADER 'BitCount' Stack Based Buffer Overflow ASLR & DEP Bypass Exploit Author: Paolo Stagno Vendor Homepage: https://www.faststone.org/ Download: https://www.faststonesoft.net/DN/FSViewerSetup75.exe...
LEADTOOLS BMP Parsing Remote Code Execution Vulnerability
Summary An exploitable integer overflow vulnerability exists in the BMP header parsing functionality of LEADTOOLS 20. A specially crafted BMP image file can cause an integer overflow, potentially resulting in code execution. An attacker can specially craft a BMP image to trigger this vulnerabilit...
Microsoft Windows Kernel - 'win32k.sys' Multiple 'NtGdiGetDIBitsInternal' System Call
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1078 We have discovered two bugs in the implementation of the win32k!NtGdiGetDIBitsInternal system call, which is a part of the graphic subsystem in all modern versions of Windows. The issues can potentially lead to kernel pool...
CVE-2017-6078
FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service application crash via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section...
CVE-2014-0994
Heap-based buffer overflow in the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library VCL in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows context-dependent attackers to execute arbitrary code via the...
Microsoft Windows Kernel CreateDIBPalette() Function Local Privilege Escalation Vulnerability
BUGTRAQ ID: 42291 Microsoft Windows is a very popular operating system released by Microsoft. The CreateDIBPalette function in the Windows win32k.sys kernel driver copies colour data into a fixed-size buffer when creating a DIB palette. If a local user specifies more than 256 colours via the biClrUsed field of the BITMAPINFOHEADER structure, a heap buffer overflow can be triggered through the GetClipboardData API, leading to arbitrary code execution with kernel privileges. Microsoft Windows XP SP3 Microsoft Windows Vista Microsoft Windows Serve...
Microsoft win32k.sys Driver "CreateDIBPalette()" Buffer Overflow
Exploit for windows platform in category local exploits ================================================================ Microsoft win32k.sys Driver "CreateDIBPalette" Buffer Overflow ================================================================ Sources: http://www.ragestorm.net/blogs/?p=255...
Microsoft Windows win32k.sys Buffer Overflow
Sources: http://www.ragestorm.net/blogs/?p=255 http://secunia.com/advisories/40870/ DEVMODE dm = {0}; dm.dmSize = sizeof(DEVMODE); dm.dmBitsPerPel = 8; dm.dmPelsWidth = 800; dm.dmPelsHeight = 600; dm.dmFields = DM_PELSWIDTH | DM_PELSHEIGHT | DM_BITSPERPEL; ChangeDisplaySettings(&dm, 0); BITMAPINFOHEADER...
Microsoft Windows .ani File tagBITMAPINFOHEADER Denial of Service Vulnerability
BUGTRAQ ID: 38579 Microsoft Windows is a very popular operating system released by Microsoft. An ANI file stores each frame of an animated cursor as a packed bitmap within the file; the DWORD biClrUsed member of each bitmap's BITMAPINFOHEADER can cause Windows API functions to allocate an arbitrary number of bytes and copy the same amount of data into the newly allocated memory. Because the code does not check whether that much data is actually available, the copy can read past the bounds of the memory allocated for the ANI file. If a very small ANI file specifies a very large value for biClrUsed, the memory copy can run out of bounds into unallocated memory. Applications such as IE use these Windows...
Microsoft GDI+ BMP Integer Overflow Vulnerability (MS08-052)
BUGTRAQ ID: 31022 CVE ID: CVE-2008-3015 CNCVE ID: CNCVE-20083015 Microsoft Windows is an operating system developed by Microsoft. The Microsoft Windows GDI+ subsystem has a flaw when parsing specially crafted BMP files; a remote attacker can exploit it to corrupt memory, which can lead to arbitrary code execution with the privileges of the logged-on user's process. Supplying a malformed BitMapInfoHeader causes an incorrect integer calculation that subsequently results in memory corruption; by constructing a special BMP file and luring a user to open it, this vulnerability can be triggered. Microsoft Works 8.0 Microsoft Visual Studio 2003...
Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows XP, Server and Vista. User interaction is required in that a user must open a malicious image file. The specific flaws exist in the GDI+ subsystem when parsing maliciously crafted...