[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [CORELAN-10-028] - SpeedCommander 13.10 Memory Corruption DoS

To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] [CORELAN-10-028] - SpeedCommander 13.10 Memory Corruption DoS
From: Security <security@xxxxxxxxxx>
Date: Tue, 20 Apr 2010 16:46:24 +0200

|------------------------------------------------------------------|
|                         __               __                      |
|   _________  ________  / /___ _____     / /____  ____ _____ ___  |
|  / ___/ __ \/ ___/ _ \/ / __ `/ __ \   / __/ _ \/ __ `/ __ `__ \ |
| / /__/ /_/ / /  /  __/ / /_/ / / / /  / /_/  __/ /_/ / / / / / / |
| \___/\____/_/   \___/_/\__,_/_/ /_/   \__/\___/\__,_/_/ /_/ /_/  |
|                                                                  |
|                                       http://www.corelan.be:8800 |
|                                              security@xxxxxxxxxx |
|                                                                  | 
|-------------------------------------------------[ EIP Hunters ]--|
|                                                                  |
|                 Vulnerability Disclosure Report                  |
|                                                                  |
|------------------------------------------------------------------|

Advisory        : CORELAN-10-028
Disclosure date : April 20th, 2010
http://www.corelan.be:8800/advisories.php?id=CORELAN-10-028


00 : Vulnerability information
 Product : SpeedCommander
 Version : 13.10 (latest version)
 Vendor : SpeedProduct
 URL : http://www.speedproject.de
 Platform : Windows
 Type of vulnerability : Memory Corruption  Risk rating : Med  Issue fixed in 
version : not fixed  Vulnerability discovered by : TecR0c  Corelan Team :
 http://www.corelan.be:8800/index.php/security/corelan-team-members/


01 : Vendor description of software

"The SpeedCommander application was designed to be a comfortable file manager.

It builds on the proven two window technology and offers a multitude of 
exclusive features. Sort, copy, move or delete your files either using the 
keyboard or the mouse."


02 : Vulnerability details

A flaw in how the application handles a overly long zip filename which an 
attacker can utilize in a manner other than the designer intended. A memory 
corruption will occur which will result in a "SpeedCommander.exe encountered a 
problem in module CxZip61u.dll and needs to close."


03 : Author/Vendor communication

 March 31th, 2010 : author contacted
 April 9th, 2010  : sent reminder
 April 20th, 2010 : No response, public disclosure


04: Proof of Concept
http://www.corelan.be:8800/advisories.php?id=CORELAN-10-028

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [ MDVSA-2010:083 ] emacs
Next by Date: Re: [Full-disclosure] [Tool] ReFrameworker 1.1
Previous by thread: [Full-disclosure] [ MDVSA-2010:083 ] emacs
Next by thread: [Full-disclosure] [USN-929-2] irssi regression
Index(es):
- Date
- Thread