Full Disclosure mailing list archives
BeyondCHM 1.1 Buffer Overflow
From: Carlo Di Dato <shinnai () autistici org>
Date: Tue, 24 Apr 2012 08:33:56 +0100
From http://www.beyondchm.com/: "Beyond CHM is a powerful chm reader and chm editor, It enables user to open multiple tabs at the same time. With this CHM viewer, user can edit CHM files, including highlighting CHM text, changing font and font size, removing contents, adding comments and so on, all the changes can be saved persistently. Additionally, user can switch Beyond CHM between reader mode and editor mode easily. In reader mode, users can zoom on CHM pages and navigate among CHM pages easily. Beyond CHM is a good Microsoft HTML Help Tool replacement, which supports nearly all Windows operation systems." Using a crafted .chm file is possible to cause a stack based buffer overflow. Info: http://didasec.wordpress.com/2012/04/24/beyondchm-1-1-buffer-overflow/ Exploit: http://shinnai.altervista.org/exploits/SH-019-20120424.html Be safe _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- BeyondCHM 1.1 Buffer Overflow Carlo Di Dato (Apr 24)