CVE-2018-18695
Information
Software : Report Designer
Version : 5.0
Environment : Windows 10 Pro, Windows 10 Edu
Proof of Concept
eax=02ab67ff ebx=00bf5560 ecx=02ab67ff edx=0018aaac esi=02a755e8 edi=0018a8b4
eip=61616161 esp=00189e64 ebp=00189e6c iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
Exploitation
It is possible to control the EIP register by dragging and dropping a malicious file into the RD viewer; the register dump above shows EIP overwritten with 0x61616161 (the ASCII bytes "aaaa" from the crafted file). As this software has no DEP, ASLR or CFG, you can easily exploit it with shellcode.