[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <Law11-OE19TRqf69aZb0004dc73@hotmail.com>
From: se_cur_ity at hotmail.com (morning_wood)
Subject: Indigostar - Perledit
------------------------------------------------------------------
- EXPL-A-2003-010 exploitlabs.com Advisory 010
------------------------------------------------------------------
-= PerlEdit =-
exploitlabs.com
June 21, 2003
Vunerability:
-------------
Remote Overflow
Product:
--------
PerlEdit
http://www.indigostar.com/perledit.html
Description of product:
-----------------------
"PerlEdit is an IDE for Perl and a general-purpose text editor.
It includes a source code text editor with syntax highlighting
and a visual debugger."
screenshot: http://www.indigostar.com/perledit_screenshots.html
VUNERABILITY / EXPLOIT
======================
Upon execution perledit ( pe.exe ) binds to local TCP port 1956.
Connecting via Telnet localy or remotely causes the program
to crash, resulting in a total loss of any unsaved data.
This test was run on XP running perledit 1.06 and 1.07 connecting
via XPpro / Win2kpro telnet.exe, pressing enter, then exiting via
the close dialog box.
------------- 'sploit -------------------------
telnet host-running-perledit 1956
READY
( exit telnet ) remote perledit crashes.
Further investigation may lead to more serious issues, I did not
persue as this was bad enough.
Local:
------
yes
Remote:
-------
yes
Vendor Fix:
-----------
No fix on 0day
Vendor Contact:
---------------
support@...igostar.com - Concurrent with this advisory
Credits:
--------
Donnie Werner
http://exploitlabs.com
Powered by blists - more mailing lists