Back to list
NSA Group Security Advisory NSAG-¹198-23.02.2006 Vulnerability The Bat v. 3.60.07
Feb 23 2006 09:37PM
NSA Group (vulnerability nsag ru)
NSA Group [Russian company on Audit of safety & Network security]
Site of Research:
http://www.nsag.ru or http://www.nsag.org
The Bat v. 3.60.07
Site of manufacturer:
19/11/2005 - Publication is postponed.
19/11/2005 - Manufacturer is notified.
12/12/2005 - Answer of the manufacturer.
22/02/2006 - Publication of vulnerability.
Vulnerability exists owing to insufficient check of the size of the buffer of a variable
in which it is copied data from field Subject.
The malefactor is capable to execute an any code on a computer of the addressee of the letter.
If a field subject == 4038 bytes at reception of such letter there is an overflow of the buffer and
Rewriting of registers EIP and EBP, that allows the malefactor to execute
Any code in a context vulnerable The Bat appendices.
Subject:AAAAAAAAAAA.... 4038..... AABB
Condition of a code, at the moment of overflow:
New Entery point:
00420042 FE???; Unknown command // Performance of an any code!!!
Condition of registers:
EBP 00410041 thebat.00410041
EIP 00420042 thebat.00420042
Download new version.
Our company is the independent auditor of the software in market IT.
At present independent audit of the software becomes the standard practice
and we suggest to make a let out product as much as possible protected from a various sort of attacks of malefactors!
«Nemesis» © 2006
Nemesis Security Audit Group © 2006.
[ reply ]
Copyright 2010, SecurityFocus