IrfanView 4.33 - 'IMXCF.dll' Plugin Code Execution

Author: beford
type: dos
platform: windows
port: 
date_added: 2012-12-11  
date_updated: 2016-10-31  
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comiview433_setup.exe  

raw file: 23288.txt  

>From the simple.xcf file, 0x004ABABC will overwrite eip.

Tested on Windows XP SP3 and Windows 7 x64.

Fixed in the current release IrfanView 4.35: [1]

Shellcode from [2]

Old version installer at [3] [4].

[1] http://www.irfanview.com/main_history.htm
[2] http://code.google.com/p/win-exec-calc-shellcode/
[3] http://gd.tuwien.ac.at/graphics/irfanview/plugins/irfanview_plugins_433_setup.exe
[4] http://gd.tuwien.ac.at/graphics/irfanview/iview433_setup.exe

PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/23288.tar.gz