lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <C0641B79F7D6A44791BA8FA35BC143F901F9277ACD0C@apollo.corelan.be>
Date: Tue, 20 Apr 2010 16:46:24 +0200
From: Security <security@...elan.be>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: [CORELAN-10-028] - SpeedCommander 13.10 Memory
	Corruption DoS


|------------------------------------------------------------------|
|                         __               __                      |
|   _________  ________  / /___ _____     / /____  ____ _____ ___  |
|  / ___/ __ \/ ___/ _ \/ / __ `/ __ \   / __/ _ \/ __ `/ __ `__ \ |
| / /__/ /_/ / /  /  __/ / /_/ / / / /  / /_/  __/ /_/ / / / / / / |
| \___/\____/_/   \___/_/\__,_/_/ /_/   \__/\___/\__,_/_/ /_/ /_/  |
|                                                                  |
|                                       http://www.corelan.be:8800 |
|                                              security@...elan.be |
|                                                                  | 
|-------------------------------------------------[ EIP Hunters ]--|
|                                                                  |
|                 Vulnerability Disclosure Report                  |
|                                                                  |
|------------------------------------------------------------------|

Advisory        : CORELAN-10-028
Disclosure date : April 20th, 2010
http://www.corelan.be:8800/advisories.php?id=CORELAN-10-028


00 : Vulnerability information
 Product : SpeedCommander
 Version : 13.10 (latest version)
 Vendor : SpeedProduct
 URL : http://www.speedproject.de
 Platform : Windows
 Type of vulnerability : Memory Corruption  Risk rating : Med  Issue fixed in version : not fixed  Vulnerability discovered by : TecR0c  Corelan Team :
 http://www.corelan.be:8800/index.php/security/corelan-team-members/


01 : Vendor description of software

"The SpeedCommander application was designed to be a comfortable file manager.

It builds on the proven two window technology and offers a multitude of exclusive features. Sort, copy, move or delete your files either using the keyboard or the mouse."


02 : Vulnerability details

A flaw in how the application handles a overly long zip filename which an attacker can utilize in a manner other than the designer intended. A memory corruption will occur which will result in a "SpeedCommander.exe encountered a problem in module CxZip61u.dll and needs to close."


03 : Author/Vendor communication

 March 31th, 2010 : author contacted
 April 9th, 2010  : sent reminder
 April 20th, 2010 : No response, public disclosure


04: Proof of Concept
http://www.corelan.be:8800/advisories.php?id=CORELAN-10-028

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ