[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] ResEdit Buffer Overflow Vulnerabilities

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] ResEdit Buffer Overflow Vulnerabilities
From: Walied Assar <waliedassar@xxxxxxxxx>
Date: Thu, 24 May 2012 21:54:48 +0200

Product Link: http://www.resedit.net/

Affected version: 1.5.11-win32

Type of vulnerabilities: Buffer Overflow.

For Further information:
http://waleedassar.blogspot.com/2012/05/resedit-named-entries-two-buffer.html

POCs:
http://code.google.com/p/ollytlscatch/downloads/detail?name=ResEdit_POC1.exe
http://code.google.com/p/ollytlscatch/downloads/detail?name=ResEdit_POC2.exe


N.B. Not much efforts have been made into these POCs. They just crash the
application but code execution is possible.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [SECURITY] [DSA 2480-1] request-tracker3.8 security update
Next by Date: [Full-disclosure] Malware.lu - analysis and pownage of hespesnet botnet
Previous by thread: [Full-disclosure] [SECURITY] [DSA 2480-1] request-tracker3.8 security update
Next by thread: [Full-disclosure] Malware.lu - analysis and pownage of hespesnet botnet
Index(es):
- Date
- Thread