-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
=============================================================================
 BeyondCHM 1.1 Buffer Overflow (price 32.56 EUR)
 Url: http://www.beyondchm.com/
 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org/

 This was written for educational purposes. Use it at your own risk.
 The author will not be responsible for any damage.

 Tested on:
 Microsoft Windows 7 Professional
 6.1.7601 Service Pack 1 build 7601

 Info (http://www.beyondchm.com/):
 Beyond CHM is a powerful chm reader and chm editor. It enables users to
 open multiple tabs at the same time. With this CHM viewer, users can edit
 CHM files, including highlighting CHM text, changing font and font size,
 removing contents, adding comments and so on; all the changes can be saved
 persistently. Additionally, users can switch Beyond CHM between reader
 mode and editor mode easily. In reader mode, users can zoom on CHM pages
 and navigate among CHM pages easily. Beyond CHM is a good Microsoft HTML
 Help Tool replacement, which supports nearly all Windows operating systems.

 PoC released as is; I have no time at the moment for further investigations.
=============================================================================
=============================================================================

 A crafted .chm file can cause a stack-based buffer overflow.

PoC: http://shinnai.altervista.org/exploits/chm.rar
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/18776.rar
=============================================================================
=============================================================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)

iQIcBAEBAgAGBQJPllNzAAoJEJlK/ai8vywmNcQQALVZzxXPZOLM8ghXeFoIZk1Y
zumWMQdE4TLQcwg2WNUcGzSvTLss/xMHdBDsHlzXslTBKYwN2W8BBCD0H8MLnhuE
3Vei9nokJDAy6ZKYL8rOeIcuknHIDwf4fjsejDnH1LDdPlKooB+4tYkpGbUcff96
RD4plKA/Olp4SlNPT2U3cEK940ahf6G9W2LGunWgB6jsydudAWUzgVG+sLI+kOmK
QAEe6aHsBVzR8zPHJzggkescICcQVxHdg/ppYxRr5lzeyEYUkHS+aY4k3Mr5U2My
E0l5QMCozoeSQPujW6U3U91TqkXpjViSuoaY+1v6shxyQbSvtHd6946YUMl7qMCI
xzAeofga7JCErH1lltVbUKUnoy6fmbd5F9x2TRIVUSdtoPEFgiHBi0HCRHimx/XS
Cxs/LDRyvM0oAYfbiEqRFm/bkoBxScMVQmXq+ZxRFYfihpU/U2jCfY3yk1E4UAsy
0PL0DVUtvt2Fro09pobXkYlVbRjH4BJwu9/Y4Ko/ZMqWFLDmGGEQiDtRB60n3oNm
k2CmmsVWTmYpIJ6Rlt3azIYRGCqRGALiB9Eph7WcZnij6y4PwSsNpf6uMZH864EM
J3QTi2Xhn+zEq4XEU7IHRRrFyJQOF+0TUV+qYMR+NuBmPhWXk27n6AXQJbu+RjAm
8dBjL95Ghi8s0VQt4rjb
=3c+B
-----END PGP SIGNATURE-----
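The advisory only states that a crafted .chm file triggers a stack-based buffer overflow and does not identify which structure the reader mis-handles. The following C example is an added illustration of that bug class and its fix; it is not BeyondCHM's code and not the PoC linked above. The record layout (a 4-byte little-endian length field followed by a name) is a constructed stand-in for a length-prefixed field in a file-format container, and the function names, NAME_MAX and the sample records are all assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout used for this illustration (constructed, not
 * the real CHM/ITSS format): a 4-byte little-endian length, then that many
 * name bytes. The destination is a fixed-size stack buffer. */
#define NAME_MAX 64

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern (CWE-121): the length comes straight from the file and
 * is used as the copy size without being compared to the destination size,
 * so a record with a large length field writes past name[] on the stack.
 * Shown only for contrast; nothing below calls it. */
void read_name_unchecked(const uint8_t *rec) {
    char name[NAME_MAX];
    uint32_t len = read_le32(rec);
    memcpy(name, rec + 4, len);          /* overflows name[] if len > 64 */
    name[len] = '\0';
    printf("name: %s\n", name);
}

/* Hardened parser: the length field is validated against both the bytes
 * actually present in the record and the destination size before any copy.
 * Returns 0 on success, -1 if the record is truncated or the name too long. */
int read_name_checked(const uint8_t *rec, size_t rec_len,
                      char *out, size_t out_sz) {
    if (rec == NULL || out == NULL || rec_len < 4 || out_sz == 0)
        return -1;
    uint32_t len = read_le32(rec);
    if (len > rec_len - 4)               /* claims more bytes than the record holds */
        return -1;
    if (len >= out_sz)                   /* no room for the bytes plus terminator */
        return -1;
    memcpy(out, rec + 4, len);
    out[len] = '\0';
    return 0;
}

/* Constructed sample: well-formed record naming "index.htm" (9 bytes). */
static const uint8_t GOOD_REC[] = {9, 0, 0, 0,
                                   'i', 'n', 'd', 'e', 'x', '.', 'h', 't', 'm'};

/* Constructed sample: length field says 0x1000 bytes but only 4 follow. */
static const uint8_t TRUNCATED_REC[] = {0x00, 0x10, 0x00, 0x00, 'A', 'A', 'A', 'A'};

/* Builds an internally consistent record whose name is n bytes long (n <= 256)
 * and parses it into a NAME_MAX-byte buffer. This is the case the truncation
 * check alone would miss: the bytes are really there, they just do not fit. */
int parse_long_name(size_t n) {
    uint8_t rec[4 + 256];
    char out[NAME_MAX];
    if (n > 256)
        return -2;
    rec[0] = (uint8_t)(n & 0xff);
    rec[1] = (uint8_t)((n >> 8) & 0xff);
    rec[2] = 0;
    rec[3] = 0;
    memset(rec + 4, 'A', n);
    return read_name_checked(rec, 4 + n, out, sizeof out);
}

int main(void) {
    char name[NAME_MAX];
    int rc = read_name_checked(GOOD_REC, sizeof GOOD_REC, name, sizeof name);
    printf("good record:      rc=%d name=%s\n", rc, rc == 0 ? name : "(rejected)");
    rc = read_name_checked(TRUNCATED_REC, sizeof TRUNCATED_REC, name, sizeof name);
    printf("truncated record: rc=%d\n", rc);
    printf("200-byte name:    rc=%d\n", parse_long_name(200));
    printf("63-byte name:     rc=%d\n", parse_long_name(63));
    return 0;
}
```

Both checks in read_name_checked matter: the first rejects a record whose length field exceeds the bytes actually read from the file (a read overrun), the second rejects a record that is complete but larger than the stack buffer (the write overrun the advisory describes). Compiling with stack protectors and running the reader under a fuzzer with a sanitizer is how a defender would find this class of defect in a closed-source viewer before a crafted file does.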