Skip to content
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
CVE/CVE-2018-18695/
CVE/CVE-2018-18695/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.

CVE-2018-18695

Information

Software    : Report Designer
Version     : 5.0
Environment : Windows 10 Pro, Windows 10 Edu

Proof of Concept

eax=02ab67ff ebx=00bf5560 ecx=02ab67ff edx=0018aaac esi=02a755e8 edi=0018a8b4
eip=61616161 esp=00189e64 ebp=00189e6c iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202

Exploitation

It is possible to control the EIP register by dragging and dropping malicious files into the RD viewer. As this SW has no DEP, ASLR and CFG, you can easily exploit it with shellcode.