module
Chasys Draw IES Buffer Overflow
| Disclosed | Created |
|---|---|
| 2013-07-26 | 2018-05-30 |
Disclosed
2013-07-26
Created
2018-05-30
Description
This module exploits a buffer overflow vulnerability found in Chasys Draw IES
(version 4.10.01). The vulnerability exists in the module flt_BMP.dll, while
parsing BMP files, where the ReadFile function is used to store user provided data
on the stack in an insecure way. It results in arbitrary code execution under the
context of the user viewing a specially crafted BMP file. This module has been
tested successfully with Chasys Draw IES 4.10.01 on Windows XP SP3 and Windows 7
SP1.
(version 4.10.01). The vulnerability exists in the module flt_BMP.dll, while
parsing BMP files, where the ReadFile function is used to store user provided data
on the stack in an insecure way. It results in arbitrary code execution under the
context of the user viewing a specially crafted BMP file. This module has been
tested successfully with Chasys Draw IES 4.10.01 on Windows XP SP3 and Windows 7
SP1.
Authors
Christopher Gabriel
Longinos Recuero Bustos
Javier 'soez'
juan vazquez juan.vazquez@metasploit.com
Longinos Recuero Bustos
Javier 'soez'
juan vazquez juan.vazquez@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.