Easy Grade Pro Out-of-Bounds Memory Read Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Easy Grade Pro version 4.1.0.2. The issue arises from a file-parsing logic flaw in the handling of proprietary .EGP gradebook files. An attacker can exploit this vulnerability by modifying specific fields at precise offsets within an otherwise valid .EGP file. This manipulation triggers an out-of-bounds memory read during parsing, causing an unhandled access violation and an application crash. When a user opens the crafted file, the result is a local denial-of-service condition.

Impact

Exploitation of this vulnerability causes the application to crash, leading to a local denial-of-service condition.

Reproduction

The vulnerability can be reproduced by taking a valid .EGP file, reading it as raw binary data, and inserting a sequence of bytes at a specific offset to manipulate the file's internal structure. Once the modified file is saved and opened in Easy Grade Pro, the application crashes due to an access violation from an out-of-bounds memory read.

Added: Mar 11, 2026, 3:23 PM
Updated: Mar 11, 2026, 3:23 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 5.6
remediation: 0.0
relevance: 3.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.