diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json index c8865ac00f..9f12ad3e50 100644 --- a/db/modules_metadata_base.json +++ b/db/modules_metadata_base.json @@ -96041,6 +96041,47 @@ ] } }, + "exploit_windows/fileformat/cyberlink_lpp_bof": { + "name": "CyberLink LabelPrint 2.5 Stack Buffer Overflow", + "full_name": "exploit/windows/fileformat/cyberlink_lpp_bof", + "rank": 300, + "disclosure_date": "2017-09-23", + "type": "exploit", + "author": [ + "modpr0be ", + "f3ci " + ], + "description": "This module exploits a stack buffer overflow in CyberLink LabelPrint 2.5 and below.\n The vulnerability is triggered when opening a .lpp project file containing overly long string characters\n via open file menu. This results in overwriting a structured exception handler record and take over the\n application. This module has been tested on Windows 7 (64 bit), Windows 8.1 (64 bit), and Windows 10 (64 bit).", + "references": [ + "CVE-2017-14627", + "EDB-42777" + ], + "is_server": true, + "is_client": false, + "platform": "Windows", + "arch": "", + "rport": null, + "autofilter_ports": [ + + ], + "autofilter_services": [ + + ], + "targets": [ + "CyberLink LabelPrint <= 2.5 on Windows 7 (64 bit)", + "CyberLink LabelPrint <= 2.5 on Windows 8.1 x64", + "CyberLink LabelPrint <= 2.5 on Windows 10 x64 build 1803" + ], + "mod_time": "2018-12-11 07:55:20 +0000", + "path": "/modules/exploits/windows/fileformat/cyberlink_lpp_bof.rb", + "is_install_path": true, + "ref_name": "windows/fileformat/cyberlink_lpp_bof", + "check": false, + "post_auth": false, + "default_credential": false, + "notes": { + } + }, "exploit_windows/fileformat/cyberlink_p2g_bof": { "name": "CyberLink Power2Go name Attribute (p2g) Stack Buffer Overflow Exploit", "full_name": "exploit/windows/fileformat/cyberlink_p2g_bof",