Thursday, September 8, 2016

[FD] Picosmos Shows v1.6.0 - Stack Buffer Overflow Vulnerability

Document Title:
===============
Picosmos Shows v1.6.0 - Stack Buffer Overflow Vulnerability


References (Source):
====================
http://ift.tt/2c0kV3r


Release Date:
=============
2016-09-05


Vulnerability Laboratory ID (VL-ID):
====================================
1936


Common Vulnerability Scoring System:
====================================
6.1


Product & Service Introduction:
===============================
Picosmos Shows - View image files on your computer, set them as wallpaper or process them, individually or in groups, using this useful program. Editing images can be quite a tedious activity, especially if there are many files and all you have to do is subtle image optimizations. Although there are some methods to do this quickly without much effort, using a batch file editor, such as Picosmos Entertainment, is one of the most effective ways.

(Copy of the Homepage: http://ift.tt/1IwHbHf)


Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered a stack buffer overflow vulnerability in the official Picosmos Shows v1.6.0 software.


Vulnerability Disclosure Timeline:
==================================
2016-09-05: Public Disclosure (Vulnerability Laboratory)


Discovery Status:
=================
Published


Affected Product(s):
====================
Picosmos Tools
Product: Picosmos Shows - Software 1.6.0


Exploitation Technique:
=======================
Local


Severity Level:
===============
High


Technical Details & Description:
================================
A local stack buffer overflow vulnerability has been discovered in the official Picosmos Shows v1.6.0 software. The overflow vulnerability allows remote attackers to take over the process by overwriting the active registers.

The stack buffer overflow vulnerability is located in the `directory entry` module of the software. Local attackers are able to include unicode as a malicious payload to crash the software via a stack overflow. This allows the local attacker to overwrite, for example, the EIP register to take control of the vulnerable software process.

The security risk of the issue is estimated as high with a cvss (common vulnerability scoring system) count of 6.1. Exploitation of the vulnerability requires a low privilege or restricted system user account without user interaction. Successful exploitation of the vulnerability results in computer system manipulation and compromise of the computer system.

Vulnerable Input(s):
[+] Directories - (Entry)


Proof of Concept (PoC):
=======================
A local stack overflow vulnerability can be exploited by local attackers without user interaction and with a privileged system user account. For security demonstration or to reproduce the software vulnerability, follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Launch the PicosmosShows.exe software process
   Note: Additionally, you can attach a debugger like windbg to the software process
2. Run the Perl code; a text file (.txt) will be created
3. Copy the AAAAAAAAA+... string from Picosmos.txt to the clipboard
4. Paste the AAAAAAAAA+... string into the Directories input and press Enter to process
5. The software crashes permanently with a stack overflow
6. Successful reproduction of the local stack buffer overflow vulnerability!


PoC: Exploit Code (Perl)

#!/usr/bin/perl
# Build a 5000-character string of "A" (0x41)
my $Buff = "\x41" x 5000;
# Append the string to Picosmos.txt in the current directory
open(MYFILE,'>>Picosmos.txt');
print MYFILE $Buff;
close(MYFILE);
print " POC Created by ZwXn";
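For the fix side of the `Directories` entry issue described under Technical Details, the following is an added example, not code from the advisory or from the vendor: a length-checked copy of a directory entry into a fixed-size buffer that rejects over-long input instead of writing past the end. The function names, the status codes, the wide-character buffer and the 260-character capacity are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

/* Assumed capacity of the directory field, in wide chars (Windows MAX_PATH). */
#define DIR_ENTRY_MAX 260

enum dir_status { DIR_OK = 0, DIR_BAD_ARG = -1, DIR_EMPTY = -2, DIR_TOO_LONG = -3 };

/* This bug class typically comes from an unchecked copy such as
 *     wchar_t dir[DIR_ENTRY_MAX]; wcscpy(dir, input);
 * (illustrative pattern, not the product's code). The function below is the
 * checked form: it measures the input first and rejects anything that does
 * not fit, instead of truncating to a path the user never typed. */
int set_directory_entry(wchar_t *dst, size_t dst_cap, const wchar_t *input)
{
    size_t n = 0;

    if (dst == NULL || dst_cap == 0 || input == NULL)
        return DIR_BAD_ARG;
    dst[0] = L'\0';
    /* Bounded scan: never reads more than dst_cap characters of input. */
    while (n < dst_cap && input[n] != L'\0')
        n++;
    if (n == 0)
        return DIR_EMPTY;
    if (n >= dst_cap)          /* no room left for the terminator */
        return DIR_TOO_LONG;
    wmemcpy(dst, input, n);
    dst[n] = L'\0';
    return DIR_OK;
}

/* Constructed input: n copies of L'A', like the string from Picosmos.txt. */
int status_for_length(size_t n)
{
    static wchar_t input[5001];
    wchar_t dir[DIR_ENTRY_MAX];

    if (n > 5000)
        n = 5000;
    wmemset(input, L'A', n);
    input[n] = L'\0';
    return set_directory_entry(dir, DIR_ENTRY_MAX, input);
}

int main(void)
{
    printf("259 chars: %d, 260 chars: %d, 5000 chars: %d\n",
           status_for_length(259), status_for_length(260), status_for_length(5000));
    return 0;
}
```

The boundary cases matter as much as the 5000-character one: an input of exactly the buffer capacity must also be rejected, because the terminator would land one element past the end.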
