BID:12355 - PEiD Malformed PE File Remote Buffer Overflow Vulnerability

PEiD Malformed PE File Remote Buffer Overflow Vulnerability

BID:12355

Info

PEiD Malformed PE File Remote Buffer Overflow Vulnerability

Bugtraq ID:	12355
Class:	Boundary Condition Error
CVE:	CVE-2005-0115
Remote:	Yes
Local:	No
Published:	Jan 25 2005 12:00AM
Updated:	Dec 11 2008 03:01AM
Credit:	Lord Yup is credited with the discovery of this issue.
Vulnerable:	PEiD PEiD 0.92 PEiD PEiD 0.91 PEiD PEiD 0.90 PEiD PEiD 0.8 PEiD PEiD 0.7 Beta PEiD PEiD 0.6 Beta PEiD PEiD 0.5 Beta PEiD PEiD 0.5 alpha PEiD PEiD 0.4 beta PEiD PEiD 0.4 alpha PEiD PEiD 0.3 beta PEiD PEiD 0.2 alpha PEiD PEiD 0.1 alpha

Not Vulnerable:

Discussion

PEiD Malformed PE File Remote Buffer Overflow Vulnerability

A remote buffer-overflow vulnerability affects PEiD because the application fails to properly validate the length of user-supplied strings before copying them into static process buffers.

An attacker who entices an unsuspecting user to load a maliciously crafted Portable Executable (PE) file with the affected utility may exploit this issue.

The attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

Exploit / POC

PEiD Malformed PE File Remote Buffer Overflow Vulnerability

The following exploit code is available:

/data/vulnerabilities/exploits/12355.pl

Solution / Fix

PEiD Malformed PE File Remote Buffer Overflow Vulnerability

Solution:
The vendor has released an update to address this vulnerability.

PEiD PEiD 0.1 alpha

PEiD PEiD-0.93-20050130.zip
http://www.absolutelock.de/construction/files/releases/PEiD-0.93-20050 130.zip

PEiD PEiD 0.2 alpha

PEiD PEiD-0.93-20050130.zip
http://www.absolutelock.de/construction/files/releases/PEiD-0.93-20050 130.zip

PEiD PEiD 0.3 beta

PEiD PEiD-0.93-20050130.zip
http://www.absolutelock.de/construction/files/releases/PEiD-0.93-20050 130.zip

PEiD PEiD 0.4 beta

PEiD PEiD-0.93-20050130.zip
http://www.absolutelock.de/construction/files/releases/PEiD-0.93-20050 130.zip

PEiD PEiD 0.4 alpha

PEiD PEiD-0.93-20050130.zip
http://www.absolutelock.de/construction/files/releases/PEiD-0.93-20050 130.zip

PEiD PEiD 0.5 alpha

PEiD PEiD-0.93-20050130.zip
http://www.absolutelock.de/construction/files/releases/PEiD-0.93-20050 130.zip

PEiD PEiD 0.5 Beta

PEiD PEiD-0.93-20050130.zip
http://www.absolutelock.de/construction/files/releases/PEiD-0.93-20050 130.zip

PEiD PEiD 0.6 Beta

PEiD PEiD-0.93-20050130.zip
http://www.absolutelock.de/construction/files/releases/PEiD-0.93-20050 130.zip

PEiD PEiD 0.7 Beta

PEiD PEiD-0.93-20050130.zip
http://www.absolutelock.de/construction/files/releases/PEiD-0.93-20050 130.zip

PEiD PEiD 0.8

PEiD PEiD-0.93-20050130.zip
http://www.absolutelock.de/construction/files/releases/PEiD-0.93-20050 130.zip

PEiD PEiD 0.90

PEiD PEiD-0.93-20050130.zip
http://www.absolutelock.de/construction/files/releases/PEiD-0.93-20050 130.zip

PEiD PEiD 0.91

PEiD PEiD-0.93-20050130.zip
http://www.absolutelock.de/construction/files/releases/PEiD-0.93-20050 130.zip

PEiD PEiD 0.92

PEiD PEiD-0.93-20050130.zip
http://www.absolutelock.de/construction/files/releases/PEiD-0.93-20050 130.zip

References

PEiD Malformed PE File Remote Buffer Overflow Vulnerability

References:

PEiD Buffer Overflow Vulnerability (PEiD)
PEiD Home Page (PEiD)
DataRescue Interactive Disassembler Pro Buffer Overflow Vulnerability ("iDefense Customer Service" )
Re: iDEFENSE Security Advisory 01.24.05: DataRescue Interactive Disassembler Pro (dila )