Vulnerabilities > CVE-2018-17408 - Out-of-bounds Write vulnerability in Zahiraccounting Zahir Enterprise Plus 6
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV File menu.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit). CVE-2018-17408. Local exploit for Windows platform. Tags: Metasploit Framework (MSF), Local file exploits/windows/local/45560.rb id EDB-ID:45560 last seen 2018-10-08 modified 2018-10-08 platform windows port published 2018-10-08 reporter Exploit-DB source https://www.exploit-db.com/download/45560/ title Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit) type local description Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH). Local exploit for Windows_x86 platform. Tags: Local, Buffer Overflow file exploits/windows_x86/local/45505.py id EDB-ID:45505 last seen 2018-10-07 modified 2018-10-01 platform windows_x86 port published 2018-10-01 reporter Exploit-DB source https://www.exploit-db.com/download/45505/ title Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH) type local
Metasploit
| description | This module exploits a stack buffer overflow in Zahir Enterprise Plus version 6 build 10b and below. The vulnerability is triggered when opening a CSV file containing CR/LF and overly long string characters via Import from other File. This results in overwriting a structured exception handler record. |
| id | MSF:EXPLOIT/WINDOWS/FILEFORMAT/ZAHIR_ENTERPRISE_PLUS_CSV |
| last seen | 2020-06-13 |
| modified | 2018-10-04 |
| published | 2018-09-29 |
| references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17408 |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/zahir_enterprise_plus_csv.rb |
| title | Zahir Enterprise Plus 6 Stack Buffer Overflow |
Packetstorm
data source https://packetstormsecurity.com/files/download/149620/zahirep6-overflow.txt id PACKETSTORM:149620 last seen 2018-10-02 published 2018-10-01 reporter modpr0be source https://packetstormsecurity.com/files/149620/Zahir-Enterprise-Plus-6-Build-10b-Buffer-Overflow.html title Zahir Enterprise Plus 6 Build 10b Buffer Overflow data source https://packetstormsecurity.com/files/download/149688/zahir_enterprise_plus_csv.rb.txt id PACKETSTORM:149688 last seen 2018-10-06 published 2018-10-05 reporter modpr0be source https://packetstormsecurity.com/files/149688/Zahir-Enterprise-Plus-6-Stack-Buffer-Overflow.html title Zahir Enterprise Plus 6 Stack Buffer Overflow