Message-ID: <CAHB1F7-Dunk=o1PLSy0TTqHXgiJFWvAJQcuN8PCysKqiDWfeQA@mail.gmail.com>
Date: Sun, 3 Jan 2016 14:10:19 +0530
From: vishnu raju <rajuvishnu52@...il.com>
To: submit@...sec.com, 
 "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] Buffer Overflow in Advanced Encryption Package Software

Dear List,

Greetings from vishnu (@dH4wk)

1. Vulnerable Product

   - Advanced Encryption Package
   - Company http://www.aeppro.com/

2. Vulnerability Information

 (A) Buffer Overflow
     Impact: Attacker gains administrative access
     Remotely Exploitable: No
     Locally Exploitable: Yes


3. Vulnerability Description
    The vulnerability resides in the registration part of the product. The
product performs no input length check and uses unsafe functions to
copy/compare the input.

The buffer overflow is in the SEH handler such that when the overflow
exception occurs, the next handler in the exception chain is affected.
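
As an added illustration (not the vendor's code), the pattern the advisory describes, an unchecked copy of the registration input into a fixed stack buffer, shown beside a bounded version that refuses over-long input before copying; the buffer size, the expected key string and the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size and key value for illustration only. */
#define KEY_BUF_LEN 32
#define EXPECTED_KEY "EXPECTED-KEY-VALUE"

/* Vulnerable pattern: strcpy copies until the NUL terminator, so any key of
 * KEY_BUF_LEN or more bytes writes past the stack buffer. On 32-bit Windows
 * that overwrite can reach the SEH record, which is consistent with the
 * 41414141 crash in the advisory. Never call this with untrusted input. */
int register_key_vulnerable(const char *key)
{
    char buf[KEY_BUF_LEN];
    strcpy(buf, key);               /* no bounds check */
    return strcmp(buf, EXPECTED_KEY) == 0;
}

/* Hardened pattern: check that the input fits before touching the buffer,
 * copy only the measured bytes, and always NUL-terminate.
 * Returns 1 for a valid key, 0 for an invalid key, -1 if the input was
 * rejected as too long (refuse rather than silently truncate). */
int register_key_hardened(const char *key)
{
    char buf[KEY_BUF_LEN];
    /* memchr stops at the first NUL, so it never reads past a short key. */
    const char *end = memchr(key, '\0', KEY_BUF_LEN);
    if (end == NULL)
        return -1;                  /* no terminator within KEY_BUF_LEN */
    size_t n = (size_t)(end - key); /* n <= KEY_BUF_LEN - 1 */
    memcpy(buf, key, n);
    buf[n] = '\0';
    return strcmp(buf, EXPECTED_KEY) == 0 ? 1 : 0;
}

int main(void)
{
    char big[256];                  /* constructed over-long input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("valid key:   %d\n", register_key_hardened(EXPECTED_KEY));
    printf("wrong key:   %d\n", register_key_hardened("nope"));
    printf("255 x 'A':   %d\n", register_key_hardened(big));
    return 0;
}
```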

*The windbg details are given below*:

(44c.4ac): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for activationwizard.dll -
activationwizard!uninitialize+0x17959:
03708fd9 66833800        cmp     word ptr [eax],0
ds:002b:41414141=????


0:000:x86> r
eax=41414141 ebx=41414141 ecx=00000007 edx=00000073 esi=0371ffea edi=7ffffffe
eip=03708fd9 esp=001884ac ebp=00188538 iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
activationwizard!uninitialize+0x17959:
03708fd9 66833800        cmp     word ptr [eax],0
ds:002b:41414141=????

Regards,
Vishnu Raju.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
