Full Disclosure mailing list archives
[CORELAN-10-028] - SpeedCommander 13.10 Memory Corruption DoS
From: Security <security () corelan be>
Date: Tue, 20 Apr 2010 16:46:24 +0200
|------------------------------------------------------------------| | __ __ | | _________ ________ / /___ _____ / /____ ____ _____ ___ | | / ___/ __ \/ ___/ _ \/ / __ `/ __ \ / __/ _ \/ __ `/ __ `__ \ | | / /__/ /_/ / / / __/ / /_/ / / / / / /_/ __/ /_/ / / / / / / | | \___/\____/_/ \___/_/\__,_/_/ /_/ \__/\___/\__,_/_/ /_/ /_/ | | | | http://www.corelan.be:8800 | | security () corelan be | | | |-------------------------------------------------[ EIP Hunters ]--| | | | Vulnerability Disclosure Report | | | |------------------------------------------------------------------| Advisory : CORELAN-10-028 Disclosure date : April 20th, 2010 http://www.corelan.be:8800/advisories.php?id=CORELAN-10-028 00 : Vulnerability information Product : SpeedCommander Version : 13.10 (latest version) Vendor : SpeedProduct URL : http://www.speedproject.de Platform : Windows Type of vulnerability : Memory Corruption Risk rating : Med Issue fixed in version : not fixed Vulnerability discovered by : TecR0c Corelan Team : http://www.corelan.be:8800/index.php/security/corelan-team-members/ 01 : Vendor description of software "The SpeedCommander application was designed to be a comfortable file manager. It builds on the proven two window technology and offers a multitude of exclusive features. Sort, copy, move or delete your files either using the keyboard or the mouse." 02 : Vulnerability details A flaw in how the application handles a overly long zip filename which an attacker can utilize in a manner other than the designer intended. A memory corruption will occur which will result in a "SpeedCommander.exe encountered a problem in module CxZip61u.dll and needs to close." 03 : Author/Vendor communication March 31th, 2010 : author contacted April 9th, 2010 : sent reminder April 20th, 2010 : No response, public disclosure 04: Proof of Concept http://www.corelan.be:8800/advisories.php?id=CORELAN-10-028 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [CORELAN-10-028] - SpeedCommander 13.10 Memory Corruption DoS Security (Apr 20)