Nishant Das Patnaik

# Exploit Title: SQLite Browser 2.0b1 Local DoS Vulnerability
# Date: 02/01/2010
# EDB-ID: 11427
# Author: Nishant Das Patnaik
# Software Link: Here
# Version: 2.0b1
# Tested on: Windows XP SP2/SP3 (x86), Vista (x86), Windows 7 (x64)
# Code : A specially crafted SQL query file can cause the application to freeze and finally crash. The bug is in the SQL query processor engine, which can't handle malformed SQL queries, leading to a crash.

*Start of Exception Report

** Register Dump:
    EAX=00000000
    EBX=0022FB94 : 004BE988 010EC7A8 004BEB8C 003E0000
    ECX=010FFC60 : 010FFCB0 00000013 00000000 010FFCC8
    EDX=00000000
    EDI=0022FB94 : 004BE988 010EC7A8 004BEB8C 003E0000
    ESI=0022B96C : 0113B228 0022FB94 0022B9D0 0022FB94
    ESP=0022B91C : 010FEB10 00000001 0022B98C 0022B990
    EBP=0022B9C4 : 0022BA14 00471966 0022FB94 00000000
    EIP=00467935 : 0F003880 FFFBD085 C4458BFF 0F08FFF0
** Stack Dump:
    0022B91C: 010FEB10 : 6EE2CFC8 010FEBD0 6EE2D1CC 010F0000
    0022B920: 00000001
    0022B924: 0022B98C : 00000000 00000000 0113A928 6EDC6F9E
    0022B928: 0022B990 : 00000000 0113A928 6EDC6F9E 0022FB94
    0022B92C: 0022B98C : 00000000 00000000 0113A928 6EDC6F9E
    0022B930: 0022B9FC : 003ECC88 010FDB98 00000000 01111178
    0022B934: 7C910021 : 840FC084 000007A9 02F005F6 0F027FFE
    0022B938: 003E0718 : 011007F0 1B42001D 01000077 000028CC
    0022B93C: 0022FCD8 : 00000000 6A33F0A0 6A33F0A0 6A33F0A0
    0022B940: 010FCEE8 : 0110BC18 010FDB98 010FDB98 0022BB48
    0022B944: 010CA8A0 : 010FCEE8 010FDB98 010FDB98 0022BB08
    0022B948: 010CA8A0 : 010FCEE8 010FDB98 010FDB98 0022BB08
    0022B94C: 77C2C3E7 : 7559C085 0C453914 75FF0F74 D94DE808
    0022B950: 6A21A4B4 : 57E58955 30EC8353 8B08558B 1D8B0C4D
    0022B954: 6A33F100 : 00000A02 00000000 00000000 6A33F112
    0022B958: 6A33F100 : 00000A02 00000000 00000000 6A33F112
** Disassembly listing
    00467935: 803800          cmp         [eax], 0x00000000
    00467938: 0F85D0FBFFFF    jnz         -0x00000430
    0046793E: 8B45C4          mov         eax, [ebp-0x3C]
    00467941: F0FF08          lock:dec    [eax]
    00467944: 0F95C2          setnz       dl
    00467947: 84D2            test        dl, dl
    00467949: 0F8534FBFFFF    jnz         -0x000004CC
    0046794F: 8B45C4          mov         eax, [ebp-0x3C]
    00467952: 890424          mov         [esp], eax
    00467955: FF15C87C4C00    call        0x004C7CC8
** End of exception report
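
A triage sketch for the exception report above, added here as an example and not part of the original advisory: it reads the register dump, finds the instruction at EIP and resolves its memory operand. The function name `triage`, the regular expressions and the 64 KiB threshold are assumptions of this example; the report excerpt is copied from the dump above with whitespace normalized.

```python
import re

# Excerpt of the exception report above (registers and first disassembly lines).
REPORT = """\
** Register Dump:
    EAX=00000000
    EBX=0022FB94 : 004BE988 010EC7A8 004BEB8C 003E0000
    ECX=010FFC60 : 010FFCB0 00000013 00000000 010FFCC8
    EDX=00000000
    ESP=0022B91C : 010FEB10 00000001 0022B98C 0022B990
    EBP=0022B9C4 : 0022BA14 00471966 0022FB94 00000000
    EIP=00467935 : 0F003880 FFFBD085 C4458BFF 0F08FFF0
** Disassembly listing
    00467935: 803800          cmp         [eax], 0x00000000
    00467938: 0F85D0FBFFFF    jnz         -0x00000430
"""

REG_RE = re.compile(r"^\s*(E[A-Z]{2})=([0-9A-F]{8})", re.M)
INSN_RE = re.compile(r"^\s*([0-9A-F]{8}):\s+[0-9A-F]+\s+(\S+)\s+(.*)$", re.M)
MEM_RE = re.compile(r"\[(e[a-z]{2})(?:([+-])0x([0-9A-Fa-f]+))?\]")
NULL_PAGE_LIMIT = 0x10000  # assumption: lowest 64 KiB is never mapped on Windows

def triage(report):
    """Resolve the memory operand of the instruction at EIP and classify it."""
    regs = {n.lower(): int(v, 16) for n, v in REG_RE.findall(report)}
    insns = {int(a, 16): (m, o.strip()) for a, m, o in INSN_RE.findall(report)}
    eip = regs["eip"]
    if eip not in insns:
        return {"eip": eip, "verdict": "faulting instruction not in listing"}
    mnemonic, operands = insns[eip]
    mem = MEM_RE.search(operands)
    if not mem:
        return {"eip": eip, "verdict": "no memory operand at EIP"}
    base, sign, disp = mem.groups()
    offset = (int(disp, 16) if disp else 0) * (-1 if sign == "-" else 1)
    addr = (regs[base] + offset) & 0xFFFFFFFF
    verdict = ("NULL pointer dereference" if addr < NULL_PAGE_LIMIT
               else "non-NULL address, needs further analysis")
    return {"eip": eip, "insn": f"{mnemonic} {operands}", "base": base,
            "address": addr, "verdict": verdict}

if __name__ == "__main__":
    print(triage(REPORT))
```

For this report the operand resolves to address 0 through EAX, a read from unmapped memory, which is consistent with the denial-of-service impact given in the title.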

# PoC: Download