CVE-2013-4988
IcoFX < 2.5 - Remote Code Execution via Long idCount in ICONDIR Structure
Exploitation Summary
EIP tracks 4 public exploits for CVE-2013-4988.
PoCs were published by Metasploit, Core Security and Austin Babcock, including the Metasploit module exploits/windows/fileformat/icofx_bof.
AI-analyzed exploit summary: This Metasploit module exploits a stack-based buffer overflow in IcoFX 2.5 by crafting a malicious .ICO file with an oversized ICONDIR header, triggering an SEH overwrite and ROP chain to achieve arbitrary code execution.
Description
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.
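A defender-side triage check for the header field named in the description, as an added example (not code from this page or from any of the listed PoCs): it parses the 6-byte ICONDIR header and flags an idCount whose ICONDIRENTRY directory cannot fit in the file, plus entries that point outside it. `MAX_ENTRIES` is an assumed policy cap, not a threshold stated on the page, and the sample byte strings are constructed.

```python
import struct

ICONDIR = struct.Struct("<HHH")            # idReserved, idType, idCount
ICONDIRENTRY = struct.Struct("<BBBBHHII")  # 16 bytes; ends with dwBytesInRes, dwImageOffset
MAX_ENTRIES = 256                          # assumed triage policy, not from the page


def check_ico(data, max_entries=MAX_ENTRIES):
    """Return a list of findings; an empty list means the directory is consistent."""
    if len(data) < ICONDIR.size:
        return ["file shorter than the 6-byte ICONDIR header"]
    reserved, id_type, id_count = ICONDIR.unpack_from(data, 0)
    findings = []
    if reserved != 0 or id_type not in (1, 2):   # 1 = icon, 2 = cursor
        findings.append(f"unexpected header: idReserved={reserved}, idType={id_type}")
    if id_count > max_entries:
        findings.append(f"idCount={id_count} exceeds policy cap {max_entries}")
    # The directory is idCount fixed-size entries directly after the header.
    dir_end = ICONDIR.size + id_count * ICONDIRENTRY.size
    if dir_end > len(data):
        findings.append(
            f"idCount={id_count} needs {dir_end} directory bytes, file has {len(data)}"
        )
        return findings  # entries cannot be read safely past this point
    for i in range(id_count):
        *_, size, offset = ICONDIRENTRY.unpack_from(
            data, ICONDIR.size + i * ICONDIRENTRY.size
        )
        if offset < dir_end or offset + size > len(data):
            findings.append(
                f"entry {i}: image data [{offset}, {offset + size}) outside file"
            )
    return findings


# Constructed samples: one entry with 4 bytes of image data at offset 22.
_ENTRY = ICONDIRENTRY.pack(16, 16, 0, 0, 1, 32, 4, 22)
GOOD = ICONDIR.pack(0, 1, 1) + _ENTRY + b"\x00" * 4
# Same body, but the header claims 0xFFFF entries.
BAD_COUNT = ICONDIR.pack(0, 1, 0xFFFF) + _ENTRY + b"\x00" * 4
# Consistent count, but the entry claims 100 bytes of image data.
BAD_ENTRY = ICONDIR.pack(0, 1, 1) + ICONDIRENTRY.pack(16, 16, 0, 0, 1, 32, 100, 22) + b"\x00" * 4

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("BAD_COUNT", BAD_COUNT), ("BAD_ENTRY", BAD_ENTRY)):
        print(name, check_ico(blob) or "ok")
```

A file padded so that a large directory does fit passes the size check, which is why the count cap is reported separately.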
Exploits (4)
This Metasploit module exploits a stack-based buffer overflow in IcoFX 2.5 by crafting a malicious .ICO file with an oversized ICONDIR header, triggering an SEH overwrite and ROP chain to achieve arbitrary code execution.
This advisory details a buffer overflow vulnerability in IcoFX v2.5.0.0, which allows arbitrary code execution when a maliciously crafted .ICO file is opened. The vulnerability is due to improper handling of file data, leading to SEH overwrites.
This exploit demonstrates a buffer overflow in IcoFX 2.6 using SEH overwrite and DEP bypass via JOP (Jump-Oriented Programming) to execute arbitrary shellcode. It leverages ROP to set up a JOP chain that performs stack pivots and calls VirtualProtect to disable DEP.
This Metasploit module exploits a stack-based buffer overflow in IcoFX 2.5 by crafting a malicious .ICO file with an overly large number of images in the ICONDIR header, leading to arbitrary code execution via SEH overwrite and ROP gadgets.