OllyDbg Library Module Name Denial Of Service Vulnerability
BID:12850
Info
OllyDbg Library Module Name Denial Of Service Vulnerability
| Bugtraq ID: | 12850 |
| Class: | Unknown |
| CVE: |
CVE-2005-0826 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 19 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Discovery of this vulnerability is credited to atmaca <[email protected]>. |
| Vulnerable: |
OllyDbg OllyDbg 1.10 OllyDbg OllyDbg 1.0 9 OllyDbg OllyDbg 1.0 8b OllyDbg OllyDbg 1.0 6 |
| Not Vulnerable: | |
Discussion
OllyDbg Library Module Name Denial Of Service Vulnerability
OllyDbg is reported prone to a denial of service vulnerability. It is reported that the issue manifests when a target process that is being debugged attempts to load a library module that has a superfluous filename.
An attacker may exploit this vulnerability to deny service to OllyDbg users.
This vulnerability is reported to affect OllyDbg version 1.10 (final version) and prior versions.
OllyDbg is reported prone to a denial of service vulnerability. It is reported that the issue manifests when a target process that is being debugged attempts to load a library module that has a superfluous filename.
An attacker may exploit this vulnerability to deny service to OllyDbg users.
This vulnerability is reported to affect OllyDbg version 1.10 (final version) and prior versions.
Exploit / POC
OllyDbg Library Module Name Denial Of Service Vulnerability
A proof of concept executable is available at the following location:
http://www.atmacasoft.com/exp/OllyHole.exe
Caution should be exercised when interacting with this proof of concept; Customers should treat this file as potentially malicious as Symantec has not verified its integrity.
A proof of concept executable is available at the following location:
http://www.atmacasoft.com/exp/OllyHole.exe
Caution should be exercised when interacting with this proof of concept; Customers should treat this file as potentially malicious as Symantec has not verified its integrity.
Solution / Fix
OllyDbg Library Module Name Denial Of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
OllyDbg Library Module Name Denial Of Service Vulnerability
References:
References:
- OllyDbg Homepage (OllyDbg)
- OllyDbg long process Module debug Vulnerability (ATmaCA ATmaCA