[Full-Disclosure] The Bat! libpng bo?
From: 3APA3A (3APA3A_at_SECURITY.NNOV.RU)
Date: 11/04/04
- Previous message: vuln_at_hexview.com: "[HV-MED] Zip/Linux long path buffer overflow"
To: full-disclosure@lists.netsys.com
Date: Thu, 4 Nov 2004 18:54:39 +0300
Dear full-disclosure@lists.netsys.com,
It looks like The Bat! uses libpng 1.0.5 and zlib 1.1.3 and is
vulnerable to very old buffer overflow and double free bugs. At least
it catches an exception on http://www.security.nnov.ru/files/libpngbo.png
and the thread is silently closed... There is no visual effect, but
you can see it in a debugger. The rest of The Bat! is written in Delphi.
Can anyone confirm if this is exploitable (I know nothing about
Borland compilers)?
--
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
                    |/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html