lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 20 Mar 2005 05:44:03 -0000
From: HaCkZaTaN <hck_zatan@...mail.com>
To: bugtraq@...urityfocus.com
Subject: -==PVDasm Long Name Debug Vulnerability==-




/*
--------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST]® - Advisory #10 - 19/03/05
--------------------------------------------------------
Program:  PVDasm
Homepage:  http://pvdasm.reverse-engineering.net/
Vulnerable Versions: v1.6b & lowers
Risk: Medium!!
Impact: Long Name Debug Vulnerability

   -==PVDasm Long Name Debug Vulnerability==-
---------------------------------------------------------

- Description
---------------------------------------------------------
Proview (a.k.a: PVDasm) is: Interactive, Multi-Cpu (x86/Chip8) Disassembler.
the Disassembler engine has been coded by (Ben) and it's free for Public Usage.
Proview (PVDasm) is my attempt to make a Disassembler as a part for school final
project and for basic knowledge & fun!
PVDasm is fully coded in C (IDE: MS-VC++.6.0), a bit of C++ Classes and STL
Templates for internal memory management.

- Tested
---------------------------------------------------------
Windows XP non-SP

- Explotation
---------------------------------------------------------
If PVDasm load a file with more than 100 characters it will
crash. This can be use for anti-debuging techniques.

- Exploit
---------------------------------------------------------
Pick any *.exe and change the name for more than 100 Characters or letters
and PVDasm will crash.

- Solutions
--------------------------------------------------------
Not Yet xD

- References
--------------------------------------------------------
http://neosecurityteam.net/Advisories/Advisory-10.txt

- Credits
-------------------------------------------------
Discovered by HaCkZaTaN <hck_zatan@...mail.com>

[N]eo [S]ecurity [T]eam [NST]® - http://neosecurityteam.net/

Got Questions? http://neosecurityteam.net/

Irc.InfoGroup.cl #neosecurityteam

- Greets
--------------------------------------------------------
           Paisterist
           T0wn3r
           LINUX
	   Heap
           Nitrous
           CrashCool
           eL_mEsIaS
           Makoki
           KingMetal

           And my Colombian people

	@@@@'''@@@@'@@@@@@@@@'@@@@@@@@@@@
	'@@@@@''@@'@@@''''''''@@''@@@''@@
	'@@'@@@@@@''@@@@@@@@@'''''@@@
	'@@'''@@@@'''''''''@@@''''@@@
	@@@@''''@@'@@@@@@@@@@''''@@@@@
*/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ