PowerCHM 5.7 (hhp) Local Buffer Overflow Exploit

Risk: Medium
Advisory ID: ZSL-2009-4910
Release Date: 29 March 2009
Vendor: Dawningsoft Inc. - http://www.dawningsoft.com
Affected Version: 5.7
CVE: N/A
Tested On: Microsoft Windows XP Professional SP2 (English)
Summary

With PowerCHM you can create CHM files automatically from HTML files (.htm, .html and .mht), text files (.txt), Microsoft Word documents (.doc) and Adobe Acrobat documents (.pdf).

Description

The vulnerability is caused by a boundary error when processing overly long filenames. This can be exploited to cause a stack-based buffer overflow, e.g. by tricking a user into opening an HTML Help Project (".HHP") file that contains an overly long "[FILES]" entry, or into clicking an overly long link included in an imported HTML file. Successful exploitation may allow execution of arbitrary code.
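Because the trigger is an overly long entry in the "[FILES]" section of an .hhp project, a defender can screen project files before they are opened in PowerCHM. The following added example (not code from the advisory or the vendor) parses the INI-style .hhp layout and flags "[FILES]" entries that exceed a length limit; the sample project and the 260-character threshold (the Windows MAX_PATH value) are assumptions chosen for illustration.

```python
import re
from typing import Dict, List

# Constructed sample .hhp content (not taken from the advisory): one [FILES]
# entry is abnormally long, the kind of input the advisory describes.
SAMPLE_HHP = """[OPTIONS]
Compatibility=1.1 or later
Compiled file=manual.chm
Contents file=toc.hhc

[FILES]
index.htm
chapter1.htm
""" + "A" * 600 + """.htm

[INFOTYPES]
"""

# Assumed threshold: Windows MAX_PATH; any legitimate file entry fits within it.
MAX_ENTRY_LEN = 260


def parse_hhp(text: str) -> Dict[str, List[str]]:
    """Parse an INI-style HTML Help Project file into {SECTION: [lines]}."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # skip blanks and comments
            continue
        m = re.fullmatch(r"\[([^\]]+)\]", line)
        if m:  # section header such as [FILES]
            current = m.group(1).upper()
            sections.setdefault(current, [])
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def oversized_file_entries(text: str, limit: int = MAX_ENTRY_LEN) -> List[dict]:
    """Return [FILES] entries longer than `limit`, with index, length and a preview."""
    findings = []
    for idx, entry in enumerate(parse_hhp(text).get("FILES", [])):
        if len(entry) > limit:
            findings.append({"index": idx, "length": len(entry),
                             "preview": entry[:40] + "..."})
    return findings


if __name__ == "__main__":
    for f in oversized_file_entries(SAMPLE_HHP):
        print(f"suspicious [FILES] entry #{f['index']}: {f['length']} chars, {f['preview']}")
```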

Proof of Concept

Disclosure Timeline: N/A

Credits

Vulnerability discovered by Le Duc Anh from Bkis Security
Exploit coded by Gjoko Krstic

References

Changelog

29.03.2009 - Initial release