Crimson Editor SEH Overwrite Vulnerability

A vulnerability exists in the way Crimson Editor reads file types from within configuration files and can be exploited, by malicious people, to compromise a vulnerable system.
  
Successful exploitation of this vulnerability allows an attacker to execute arbitrary code, by tricking a user into using a maliciously constructed configuration file (cedt.cfg).
  
This vulnerability is confirmed in Crimson Editor version 3.70.
  
A PoC configuration file can be downloaded here:
http://www.exploit-db.com/sploits/cedt.zip
  
  
Ref:
  
    * http://www.crimsoneditor.com/


发表评论?

0 条评论。

发表评论