
Topic: EDraw Flowchart ActiveX Control 2.3 (.edd parsing) Remote Buffer Overflow

WLB: WLB-2010040150
SecurityAlert: None
Date: 2010-04-23
Credit: Gjoko Krstic
Added by: SecurityReason
SecurityRisk: High
Remote: Yes
Local: No
Status: Bug

History: [2010-04-23] Started

Affected software: EDraw Flowchart ActiveX Control 2.3

Text:

Title: EDraw Flowchart ActiveX Control 2.3 (.edd parsing) Remote Buffer
Overflow PoC
Advisory ID: ZSL-2010-4935
Type: Local/Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 22.04.2010

Summary
Do you want to learn how to draw? Now you can online! Learn how to draw
like a local application with Edraw Flowchart ActiveX Control that lets you
quickly build basic flowcharts, organizational charts, business charts, hr
diagram, work flow, programming flowchart and network diagrams.

Description
EDraw Flowchart ActiveX Control version 2.3 suffers from a buffer overflow
vulnerability when parsing the .edd file format. The overflow crashes the
application and overwrites a few registers, which can help an attacker
execute arbitrary code.

--------------------------------------------------------------------------------

(305c.1ee4): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=027a0020 ebx=00000000 ecx=0c841000 edx=3fffff45 esi=0012f2e4 edi=41414141
eip=10083bbd esp=0012f198 ebp=01055734 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202
EDImage!DllUnregisterServer+0x5594d:
10083bbd 895904 mov dword ptr [ecx+4],ebx ds:0023:0c841004=????????

--------------------------------------------------------------------------------

Vendor
EdrawSoft - http://www.edrawsoft.com

Affected Version
2.3.0.6

Tested On
Microsoft Windows XP Professional Service Pack 3 (English)

Vendor Status
N/A

PoC
edraw_edd.pl

Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References
[1] http://www.exploit-db.com/exploits/12342

Zero Science Lab
