Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[SecurInfos] PCSoft WinDEV .wdp Project File Handling Buffer Overflow

from [Jerome Athias] Network Security [Permanent Link]
Subject: [SecurInfos] PCSoft WinDEV .wdp Project File Handling Buffer Overflow
Date: Thu, 28 Jun 2007 08:48:06 +0200 
[SecurInfos] PCSoft WinDEV .wdp Project File Handling Buffer Overflow

Release Date : 2007-06-28

Critical : Moderately critical. Level 3 of 5.
Impact : System access
Where : From remote

Solution Status : Unpatched

Software :
PCSoft WinDEV
(PCSoft WinDEV Express)
(PCSoft WinDEV Mobile)
(PCSoft WebDEV)

Description :
Jerome Athias has reported a vulnerability in PCSoft WinDEV, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the handling of a ".wdp" project file that contains an overly long string in the "used DLL" fields. This can be exploited to cause a stack-based buffer overflow and allows arbitrary code execution when a malicious ".wdp" file is opened.
It is also possible to perform an infinite loop (DoS), resulting in the use of a large amount of CPU and memory ressources using a malformed project file.

The vulnerability has been reported in version 11 (latest release: 01F110053p). Older versions and other products (WinDEV Express, Mobile and WebDEV) could also be affected.


Solutions :
Do not open ".wdp" files from non-trusted sources.

Provided and discovered by :
Jerome Athias
http://www.JA-PSI.fr

Original Advisory :
https://www.securinfos.info/english/security-advisories-alerts/20070628_PCSoft.WinDEV.wdp.Project.File.Handling.Buffer.Overflow.php

PoC codes:
https://www.securinfos.info/english/security-tools-hacking/windev_crash.zip

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [SecurInfos] PCSoft WinDEV .wdp Project File Handling Buffer Overflow, Jerome Athias <=
Previous by Date:  XEForum Cookie Modification Privilege Escalation Vulnerability, Firewall1954
Next by Date:  Secunia Research: Symantec Mail Security for SMTP Boundary Errors, Secunia Research
Previous by Thread:  XEForum Cookie Modification Privilege Escalation Vulnerability, Firewall1954
Next by Thread:  Secunia Research: Symantec Mail Security for SMTP Boundary Errors, Secunia Research
Indexes:  [Date] [Thread] [Top] [All Lists]