lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <468359A6.4000908@free.fr>
Date: Thu, 28 Jun 2007 08:48:06 +0200
From: Jerome Athias <jerome.athias@...e.fr>
To: bugtraq@...urityfocus.com
Subject: [SecurInfos] PCSoft WinDEV .wdp Project File Handling Buffer Overflow

[SecurInfos] PCSoft WinDEV .wdp Project File Handling Buffer Overflow

Release Date : 2007-06-28

Critical : Moderately critical. Level 3 of 5.
Impact : System access
Where : From remote

Solution Status : Unpatched

Software :
PCSoft WinDEV
(PCSoft WinDEV Express)
(PCSoft WinDEV Mobile)
(PCSoft WebDEV)

Description :
Jerome Athias has reported a vulnerability in PCSoft WinDEV, which can 
be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the handling 
of a ".wdp" project file that contains an overly long string in the 
"used DLL" fields. This can be exploited to cause a stack-based buffer 
overflow and allows arbitrary code execution when a malicious ".wdp" 
file is opened.
It is also possible to perform an infinite loop (DoS), resulting in the 
use of a large amount of CPU and memory ressources using a malformed 
project file.

The vulnerability has been reported in version 11 (latest release: 
01F110053p). Older versions and other products (WinDEV Express, Mobile 
and WebDEV) could also be affected.


Solutions :
Do not open ".wdp" files from non-trusted sources.

Provided and discovered by :
Jerome Athias
http://www.JA-PSI.fr

Original Advisory :
https://www.securinfos.info/english/security-advisories-alerts/20070628_PCSoft.WinDEV.wdp.Project.File.Handling.Buffer.Overflow.php

PoC codes:
https://www.securinfos.info/english/security-tools-hacking/windev_crash.zip

Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (3253 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ