Full Disclosure mailing list archives
Indigostar - Perledit
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Sun, 22 Jun 2003 03:12:31 -0700
------------------------------------------------------------------
- EXPL-A-2003-010 exploitlabs.com Advisory 010
------------------------------------------------------------------
-= PerlEdit =-

exploitlabs.com
June 21, 2003

Vulnerability:
-------------
Remote Overflow

Product:
--------
PerlEdit
http://www.indigostar.com/perledit.html

Description of product:
-----------------------
"PerlEdit is an IDE for Perl and a general-purpose text editor. It includes a source code text editor with syntax highlighting and a visual debugger."

screenshot: http://www.indigostar.com/perledit_screenshots.html

VULNERABILITY / EXPLOIT
======================
Upon execution perledit ( pe.exe ) binds to local TCP port 1956. Connecting via Telnet locally or remotely causes the program to crash, resulting in a total loss of any unsaved data.

This test was run on XP running perledit 1.06 and 1.07 connecting via XPpro / Win2kpro telnet.exe, pressing enter, then exiting via the close dialog box.

------------- 'sploit -------------------------
telnet host-running-perledit 1956
READY
( exit telnet )
remote perledit crashes.

Further investigation may lead to more serious issues, I did not pursue as this was bad enough.

Local:
------
yes

Remote:
-------
yes

Vendor Fix:
-----------
No fix on 0day

Vendor Contact:
---------------
support () indigostar com - Concurrent with this advisory

Credits:
--------
Donnie Werner
http://exploitlabs.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html