Liu Die Yu WinBlox My_CreateFileW Buffer Overrun Vulnerabilities
BID:10012
Info
Liu Die Yu WinBlox My_CreateFileW Buffer Overrun Vulnerabilities
| Bugtraq ID: | 10012 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 30 2004 12:00AM |
| Updated: | Mar 30 2004 12:00AM |
| Credit: | Discovery is credited to Oliver Lavery <[email protected]>. |
| Vulnerable: |
Liu Die Yu WinBlox 6.0 |
| Not Vulnerable: | |
Discussion
Liu Die Yu WinBlox My_CreateFileW Buffer Overrun Vulnerabilities
It has been reported that WinBlox may be prone to multiple buffer overflow vulnerabilities. The issues allegedly exist due to improper bounds checking of data passed to multiple sprintf() operations in the 'My_CreateFileW' function. WinBlox uses this function to provide a run-time wrapper for the CreateFileW Windows API function.
It is likely that some applications on a system using WinBlox may present an attack vector for both local and remote attackers, possibly allowing for denial of service attacks or execution of arbitrary code in the context of the application.
It has been reported that WinBlox may be prone to multiple buffer overflow vulnerabilities. The issues allegedly exist due to improper bounds checking of data passed to multiple sprintf() operations in the 'My_CreateFileW' function. WinBlox uses this function to provide a run-time wrapper for the CreateFileW Windows API function.
It is likely that some applications on a system using WinBlox may present an attack vector for both local and remote attackers, possibly allowing for denial of service attacks or execution of arbitrary code in the context of the application.
Exploit / POC
Liu Die Yu WinBlox My_CreateFileW Buffer Overrun Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Liu Die Yu WinBlox My_CreateFileW Buffer Overrun Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Liu Die Yu WinBlox My_CreateFileW Buffer Overrun Vulnerabilities
References:
References:
- RE: security enforcement - new monitor for winnt (Liu Die Yu
)