PowerCHM 5.7 (hhp) Local Buffer Overflow Exploit

Title: PowerCHM 5.7 (hhp) Local Buffer Overflow Exploit
Advisory ID: ZSL-2009-4910
Type: Local/Remote
Impact: System Access
Risk: (3/5)
Release Date: 29.03.2009
Summary
With PowerCHM you can create your CHM files automatically from HTML files (including .htm, .html and .mht), text files (.txt), Microsoft Word documents (.doc) and Adobe Acrobat documents (.pdf).
Description
The vulnerability is caused by a boundary error when processing overly long filenames. This can be exploited to cause a stack-based buffer overflow, e.g. by tricking a user into opening an HTML Help Project (".HHP") file containing an overly long "[FILES]" entry, or into clicking an overly long link included in an imported HTML file. Successful exploitation may allow execution of arbitrary code.
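A defensive check for the condition described above, added here as an example and not part of the advisory or its PoC: it parses an .hhp project file into its sections and flags any [FILES] entry whose length exceeds a threshold. The threshold (MAX_PATH, 260) and the sample project file are assumptions, since the advisory does not state the size of the overflowed buffer.

```python
# Added example (not the advisory's PoC): flag overly long [FILES] entries
# in an HTML Help Project (.hhp) file, the condition the advisory describes.
# The length threshold is an assumption: the advisory does not give the
# overflowed buffer's size, so MAX_PATH (260) is used as a conservative
# limit for a legitimate Windows filename.
import re
from typing import Dict, List, Tuple

MAX_PATH = 260  # assumed threshold, not taken from the advisory

def parse_hhp(text: str) -> Dict[str, List[str]]:
    """Split an .hhp file into its INI-style sections."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank or comment line
            continue
        m = re.fullmatch(r"\[(.+?)\]", line)
        if m:  # section header such as [OPTIONS] or [FILES]
            current = m.group(1).upper()
            sections.setdefault(current, [])
            continue
        if current is not None:
            sections[current].append(line)
    return sections

def find_overlong_files(text: str, limit: int = MAX_PATH) -> List[Tuple[int, str]]:
    """Return (length, entry) for every [FILES] entry longer than limit."""
    files = parse_hhp(text).get("FILES", [])
    return [(len(f), f) for f in files if len(f) > limit]

# Constructed sample: a benign project file plus one oversized entry.
SAMPLE_HHP = (
    "[OPTIONS]\n"
    "Compiled file=help.chm\n"
    "Default topic=index.htm\n"
    "\n"
    "[FILES]\n"
    "index.htm\n"
    "chapter1.htm\n"
    + "A" * 600 + ".htm\n"
)

if __name__ == "__main__":
    for length, entry in find_overlong_files(SAMPLE_HHP):
        print(f"suspicious [FILES] entry of {length} bytes: {entry[:40]}...")
```

The same check can be run over .hhp files before they are opened in PowerCHM, or over the [FILES] list of any project received from an untrusted source.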
Vendor
Dawningsoft Inc. - http://www.dawningsoft.com
Affected Version
5.7
Tested On
Microsoft Windows XP Professional SP2 (English)
Vendor Status
N/A
PoC
powerchm_bof.pl
Credits
Vulnerability discovered by Le Duc Anh from Bkis Security
Exploit coded by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.milw0rm.com/exploits/8301
[2] http://securityreason.com/exploitalert/5943
[3] http://packetstormsecurity.org/filedesc/powerchm57-overflow.txt.html
[4] http://www.securityfocus.com/bid/34263
Changelog
[29.03.2009] - Initial release
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk