Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2004-2167 PoC — LaTeX2rtf远程缓冲区溢出漏洞

Source
https://github.com/uzzzval/cve-2004-2167
Associated Vulnerability
Title:LaTeX2rtf远程缓冲区溢出漏洞 (CVE-2004-2167)
Description:Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) TranslateCommand.
Readme
# cve-2004-2167


Code to be tested:

Download CentOS 6.4 Opertaing System

Download the Latex2RTf to the Downloads folder from the below link:
    
    https://sourceforge.net/projects/latex2rtf/files/latex2rtf-win/1.9.15/

cd /home/username/Downloads/

tar -xvf latex2rtf-1.9.15.tar.gz

 cd latex2rtf-1.9.15
 
sudo make 

sudo make install

gcc -o exploit exploit.c 

./exploit > shell_code.tex

./latex2rtf shell_code.tex

Steps for patching:
Download the patch from:

https://github.com/uzzzval/cve-2004-2167/blob/master/definitions_patch.c

cp definitions_patch.c /home/username/Downloads/latex2rtf-1.9.15/
mv definitions_patch.c definitions.c
sudo Make
sudo make install
./latex2rtf shell_code.tex
File Snapshot

 [4.0K]  /data/pocs/cd3be8187bd54af1140cca88611d1747de0a4d51
├── [ 17K]  definitions_patch.c
├── [1.6K]  exploit.c
└── [ 704]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →