Title   : Foxit Reader suffers from Division By Zero
Version : 5.4.3.0920
Date    : 2012-09-28
Vendor  : http://www.foxitsoftware.com/
Impact  : Med/High
Contact : coolkaveh [at] rocketmail.com
Twitter : @coolkaveh
Tested  : XP SP3
#####################################################################
Bug :
----
Division by zero vulnerability during the handling of PDF files that will trigger a denial of service condition.
#####################################################################
(b34.f24): Integer divide-by-zero - code c0000094 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=ffffffff ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=00558c8c esp=0012f928 ebp=00000000 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
*** ERROR: Module load completed but symbols could not be loaded for FoxitReader_Lib_Full.exe
FoxitReader_Lib_Full+0x158c8c:
00558c8c f7f7            div     eax,edi
0:000> r;!exploitable -v;q
eax=ffffffff ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=00558c8c esp=0012f928 ebp=00000000 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
FoxitReader_Lib_Full+0x158c8c:
00558c8c f7f7            div     eax,edi
HostMachine\HostUser
Executing Processor Architecture is x86
Debuggee is in User Mode
Debuggee is a live user mode debugging session on the local machine
Event Type: Exception
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll -
Exception Faulting Address: 0x558c8c
First Chance Exception Type: STATUS_INTEGER_DIVIDE_BY_ZERO (0xC0000094)

Faulting Instruction:00558c8c div eax,edi

Basic Block:
    00558c8c div eax,edi
       Tainted Input Operands: ax, dx, eax, edi
    00558c8e cmp dword ptr [esp+3ch],eax
       Tainted Input Operands: eax
    00558c92 jae foxitreader_lib_full+0x158f06 (00558f06)
       Tainted Input Operands: CarryFlag

Exception Hash (Major/Minor): 0x6461647c.0x64616453

Stack Trace:
FoxitReader_Lib_Full+0x158c8c
Instruction Address: 0x0000000000558c8c

Description: Integer Divide By Zero
Short Description: DivideByZero
Recommended Bug Title: Integer Divide By Zero starting at FoxitReader_Lib_Full+0x0000000000158c8c (Hash=0x6461647c.0x64616453)
#####################################################################
Proof of concept .pdf included:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21645.pdf