lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <bc80e01095da9a4ff1caa53a274e8a35@autistici.org>
Date: Tue, 24 Apr 2012 08:33:56 +0100
From: Carlo Di Dato <shinnai@...istici.org>
To: seclists <full-disclosure@...ts.grok.org.uk>
Subject: BeyondCHM 1.1 Buffer Overflow

 From http://www.beyondchm.com/:
"Beyond CHM is a powerful chm reader and chm editor, It enables user to 
open multiple tabs at the same time. With this CHM viewer, user can edit 
CHM files, including highlighting CHM text, changing font and font size, 
removing contents, adding comments and so on, all the changes can be 
saved persistently. Additionally, user can switch Beyond CHM between 
reader mode and editor mode easily. In reader mode, users can zoom on 
CHM pages and navigate among CHM pages easily. Beyond CHM is a good 
Microsoft HTML Help Tool replacement, which supports nearly all Windows 
operation systems."

Using a crafted .chm file is possible to cause a stack based buffer 
overflow.

Info: 
http://didasec.wordpress.com/2012/04/24/beyondchm-1-1-buffer-overflow/

Exploit: http://shinnai.altervista.org/exploits/SH-019-20120424.html

Be safe

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ