Corel Presentations X5 15.0.0.357 (shw) Remote Buffer Preoccupation PoC
Advisory ID: ZSL-2010-4946
Type: Local/Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 12.07.2010
Summary
Strengthen your visual impact. Create compelling slideshows, proposals, demonstrations and interactive reports. Easily edit pictures, create charts and diagrams, and share content with others. Open, edit and save Microsoft® PowerPoint® files, including the latest OOXML (.pptx) files.
Description
Corel Presentations is prone to a remote buffer overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input when processing a .SHW (Presentations Slide Show) file. Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
Vendor
Corel Corporation - http://www.corel.com
Affected Version
15.0.0.357 (Standard Edition)
Tested On
Microsoft Windows XP Professional SP3 (English)
Vendor Status
[12.07.2010] Vulnerability discovered.
[09.07.2010] Initial contact with the vendor.
[12.07.2010] No reply from vendor.
[12.07.2010] Public advisory released.
PoC
corel_present.txt
zsl_poc17.shw.rar
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.exploit-db.com/exploits/14346/
[2] http://securityreason.com/exploitalert/8398
[3] http://packetstormsecurity.org/1007-exploits/ZSL-2010-4946.tgz
[4] http://www.net-security.org/vuln.php?id=13558
[5] http://www.securityfocus.com/bid/41556
Changelog
[12.07.2010] - Initial release
[13.07.2010] - Added reference [2] and [3]
[12.08.2010] - Added reference [4] and [5]
Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk