CVE-2021-43579
HIGH
htmldoc <= 1.9.13 - Remote Code Execution via Crafted BMP File in image_load_bmp()
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-43579. PoCs published by wulfgarpro.
AI-analyzed exploit summary
This exploit demonstrates a stack buffer overflow in HTMLDOC's BMP reader (`image_load_bmp`) by leveraging a negative `biClrUsed` value to overflow a fixed-size stack buffer. The payload overwrites the saved return address, leading to arbitrary code execution or a crash.
Description
A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H