[Full-disclosure] ResEdit Buffer Overflow Vulnerabilities

From: Walied Assar <waliedassar@xxxxxxxxx>
Date: Thu, 24 May 2012 21:54:48 +0200

Product Link: http://www.resedit.net/

Affected version: 1.5.11-win32

Type of vulnerabilities: Buffer Overflow.

For Further information:
http://waleedassar.blogspot.com/2012/05/resedit-named-entries-two-buffer.html

POCs:
http://code.google.com/p/ollytlscatch/downloads/detail?name=ResEdit_POC1.exe
http://code.google.com/p/ollytlscatch/downloads/detail?name=ResEdit_POC2.exe

N.B. Not much efforts have been made into these POCs. They just crash the
application but code execution is possible.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [SECURITY] [DSA 2480-1] request-tracker3.8 security update
Next by Date: [Full-disclosure] Malware.lu - analysis and pownage of hespesnet botnet
Previous by thread: [Full-disclosure] [SECURITY] [DSA 2480-1] request-tracker3.8 security update
Next by thread: [Full-disclosure] Malware.lu - analysis and pownage of hespesnet botnet
Index(es):
- Date
- Thread

Relevant Pages

[NT] CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow Vulnerabilities
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow ... Remote exploitation of multiple buffer overflow vulnerabilities in ... rxsGetSubDirs, rxsGetServerDBPathName, rxsSetServerOptions, rxsDeleteFile, ...
(Securiteam)
[Full-disclosure] iDefense Security Advisory 09.20.07: CA ARCServe Backup for Laptops and Deskto
... CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow ... ARCServe Backup for Laptops and Desktops is a version of ARCServe Backup ... Remote exploitation of multiple buffer overflow vulnerabilities in ... bypass vulnerability described in a previous iDefense advisory any ...
(Full-Disclosure)
iDefense Security Advisory 09.20.07: CA ARCServe Backup for Laptops and Desktops Multiple Buffer Ove
... CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow ... ARCServe Backup for Laptops and Desktops is a version of ARCServe Backup ... Remote exploitation of multiple buffer overflow vulnerabilities in ... bypass vulnerability described in a previous iDefense advisory any ...
(Bugtraq)
Re: [inbox] Re: [Full-Disclosure] RE: Linux (in)security
... *knows* what security vulnerabilities lurk beneath the skin of those ... > The real difference is the programming language used to write the code. ... > The C string is an invitation to a buffer overflow. ... > pointer in C (others have value/result where the subroutine makes a local ...
(Full-Disclosure)
iDefense Security Advisory 07.26.07: IBM AIX ftp gets() Multiple Buffer Overflow Vulnerabilities
... IBM AIX ftp getsMultiple Buffer Overflow Vulnerabilities ... The ftp program is a client application for accessing data stored on FTP ... iDefense has confirmed the existence of this vulnerability in AIX ...
(Bugtraq)