BugTraq
[SecurInfos] PCSoft WinDEV .wdp Project File Handling Buffer Overflow Jun 28 2007 06:48AM
Jerome Athias (jerome athias free fr)
[SecurInfos] PCSoft WinDEV .wdp Project File Handling Buffer Overflow

Release Date : 2007-06-28

Critical : Moderately critical. Level 3 of 5.
Impact : System access
Where : From remote

Solution Status : Unpatched

Software :
PCSoft WinDEV
(PCSoft WinDEV Express)
(PCSoft WinDEV Mobile)
(PCSoft WebDEV)

Description :
Jerome Athias has reported a vulnerability in PCSoft WinDEV, which can
be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a boundary error in the handling
of a ".wdp" project file that contains an overly long string in the
"used DLL" fields. This can be exploited to cause a stack-based buffer
overflow and allows arbitrary code execution when a malicious ".wdp"
file is opened.
A malformed project file can also trigger an infinite loop (DoS) that
consumes a large amount of CPU and memory resources.

The vulnerability has been reported in version 11 (latest release:
01F110053p). Older versions and other products (WinDEV Express, Mobile
and WebDEV) could also be affected.

Solutions :
Do not open ".wdp" files from non-trusted sources.

Provided and discovered by :
Jerome Athias
http://www.JA-PSI.fr

Original Advisory :
https://www.securinfos.info/english/security-advisories-alerts/20070628_PCSoft.WinDEV.wdp.Project.File.Handling.Buffer.Overflow.php

PoC codes:
https://www.securinfos.info/english/security-tools-hacking/windev_crash.zip
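
Added example (not part of the original advisory and not PCSoft code): a C parser for a list of length-prefixed name entries that rejects the two failure classes described above, a string too long for its fixed-size destination and a malformed entry that would keep the parser from advancing. The record layout, the names `parse_dll_entries` and `count_entries`, and every constant are assumptions, because the advisory does not document the .wdp format or say how the loop arises.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 64  /* fixed destination size, like a stack buffer */
#define MAX_ENTRIES  32  /* cap on entries accepted from one file */
enum { PARSE_TRUNCATED = -1, PARSE_BAD_SIZE = -2, PARSE_NAME_TOO_LONG = -3, PARSE_TOO_MANY = -4 };
/* Assumed layout (constructed, not the real .wdp format): each entry is a
 * little-endian u16 total size, header included, then the raw name bytes.
 * Returns the number of names stored, or a negative PARSE_* code. */
int parse_dll_entries(const uint8_t *buf, size_t len, char names[][NAME_MAX_LEN])
{
    size_t pos = 0;
    int count = 0;
    while (pos < len) {
        if (len - pos < 2)
            return PARSE_TRUNCATED;      /* size header itself is cut off */
        size_t rec = (size_t)buf[pos] | ((size_t)buf[pos + 1] << 8);
        if (rec < 3)
            return PARSE_BAD_SIZE;       /* 0 would never advance pos; 1-2 hold no name */
        if (rec > len - pos)
            return PARSE_TRUNCATED;      /* declared size runs past the data */
        if (rec - 2 >= NAME_MAX_LEN)
            return PARSE_NAME_TOO_LONG;  /* name plus NUL would not fit */
        if (count == MAX_ENTRIES)
            return PARSE_TOO_MANY;       /* names[] is full */
        memcpy(names[count], buf + pos + 2, rec - 2);
        names[count++][rec - 2] = '\0';
        pos += rec;                      /* rec >= 3, so the loop always advances */
    }
    return count;
}

/* Constructed inputs; unlisted bytes of the sized arrays are zero padding. */
static const uint8_t SAMPLE_OK[]     = { 7, 0, 'a', '.', 'd', 'l', 'l', 7, 0, 'b', '.', 'd', 'l', 'l' };
static const uint8_t SAMPLE_STALL[]  = { 7, 0, 'a', '.', 'd', 'l', 'l', 0, 0 };
static const uint8_t SAMPLE_FIT[65]  = { 65, 0, 'A' };  /* 63-byte name: fits */
static const uint8_t SAMPLE_LONG[66] = { 66, 0, 'A' };  /* 64-byte name: rejected */
int count_entries(const uint8_t *buf, size_t len)  /* wrapper owning the output array */
{
    char names[MAX_ENTRIES][NAME_MAX_LEN];
    return parse_dll_entries(buf, len, names);
}
int main(void)
{
    printf("%d %d\n", count_entries(SAMPLE_OK, sizeof SAMPLE_OK), count_entries(SAMPLE_STALL, sizeof SAMPLE_STALL));
    return 0;
}
```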