Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Indigostar - Perledit

From: "morning_wood" <se_cur_ity () hotmail com>
Date: Sun, 22 Jun 2003 03:12:31 -0700
------------------------------------------------------------------
          - EXPL-A-2003-010 exploitlabs.com Advisory 010
------------------------------------------------------------------
                         -= PerlEdit =-


exploitlabs.com
June 21, 2003


Vunerability:
-------------
Remote Overflow

Product:
--------
PerlEdit
http://www.indigostar.com/perledit.html


Description of product:
-----------------------
"PerlEdit is an IDE for Perl and a general-purpose text editor.
It includes a source code text editor with syntax highlighting
and a visual debugger."

screenshot: http://www.indigostar.com/perledit_screenshots.html  



VUNERABILITY / EXPLOIT
======================

 Upon execution perledit ( pe.exe ) binds to local TCP port 1956.
Connecting via Telnet localy or remotely causes the program
to crash, resulting in a total loss of any unsaved data.

This test was run on XP running perledit 1.06 and 1.07 connecting
via XPpro / Win2kpro telnet.exe, pressing enter, then exiting via
the close dialog box.

------------- 'sploit -------------------------

telnet host-running-perledit 1956

READY

( exit telnet ) remote perledit crashes.


 Further investigation may lead to more serious issues, I did not
persue as this was bad enough.


Local:
------
yes

Remote:
-------
yes

Vendor Fix:
-----------
No fix on 0day


Vendor Contact:
---------------
support () indigostar com - Concurrent with this advisory


Credits:
--------
Donnie Werner
http://exploitlabs.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: