• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Tomahawk Technologies SteelArrow ARO File Request Buffer Overflow Vulnerability

Reportedly, SteelArrow suffers from a buffer overflow condition requests for files with a .ARO extension are made. It is possible for an attacker to supply an overly long value to the SteelArrow service, when requesting files with a .ARO extension, that will cause the buffer overflow condition. This results in an access violation in DLLHOST.EXE that will cause the SteelArrow service to crash and overwrite stack memory with attacker supplied values.