Julien Ahrens === @MrTuxracer

Vulnerability Intel | ROP Gadget Hunter | Privacy Enthusiast | Full-time BugBounty hunter | @Hacker0x01 MVH | @SynackRedTeam member | on a world-trip

[IA1] GPSMapEdit v1.1.73.2 (.lst) Local Denial of Service Vulnerability

08 Jan 2012 » Advisory

Here’s my first real application vulnerability :-). Since this is only a small bug with no bigger impact its severity is therefor considered as “low”.

[IA1] GPSMapEdit v1.1.73.2 (.lst) Local Denial of
Service Vulnerability

Details
=============
Product:         GPSMapEdit v1.1.73.2
Severity:        Low
Exploit-Type:    Local
Vendor-URL:      http://www.geopainting.com
Advisory-Status: published
References:      -
Contact:         info[a.t]inshell[d.o.t]net

Credits
=============
Discovered by: Julien Ahrens

Affected Products:
=============
GPSMapEdit v1.1.73.2

Tested on:
=============
Windows XP SP3 Professional German
Windows 7 Professional 64bit German

Description
=============
This software is designed for visual authoring of GPS-maps in various
cartographic formats: Polish format, Garmin MapSource, Lowrance MapCreate,
Navitel Navigator (navigation software for Windows Mobile, Android,
Symbian, iPhone), ALAN Map 500/600, Holux MapShow, and custom POIs and
speedcams for: Garmin POI Loader · iGO · TomTom OV2 · Navitel Navigator.
The program may also load and convert GPS-tracks, waypoints and routes
in various formats: GPX · KML · Garmin · iGO 8 · iGO Primo · Lowrance
Magellan · Nokia · OziExplorer · ALAN · Holux. Other supported formats are:
ECW · JPEG 2000 · JPG · BMP · GIF · PNG · TIFF · EXIF · Google Maps ·
ESRI shapefile · MapInfo MIF/MID · CSV · XLS · DBF · MDB

Timeline
================
2012-01-08: Vendor Notification
2012-01-10: Vendor Response/Feedback

Read full advisory and PoC