Total Commands ISO_WinCmd Plugin Multiple Remote Buffer Overflow Vulnerabilities
BID:21820
Info
| Bugtraq ID: | 21820 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 30 2006 12:00AM |
| Updated: | Jan 04 2007 06:27PM |
| Credit: | Tan Chew Keong is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Sergey Oblomov iso_wincmd 1.7.3 beta 3; Sergey Oblomov iso_wincmd 1.6.10 |
| Not Vulnerable: | |
Discussion
The iso_wincmd plugin for Total Commander is prone to multiple remote buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data prior to using it in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the application using the affected plugin.
These issues affect version 1.7.3 beta 3 of the plugin; other versions may also be vulnerable. These issues are reported to affect Total Commander when using the plugin module; other applications using the module may also be affected.
Exploit / POC
According to the reporter of this issue, exploit code and proof-of-concept code are available to exploit these issues.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- iso plugin for Total Commander (read CD-ROM images) (Sergey Oblomov)
- iso_wincmd Plugin for Total Commander Buffer Overflow Vulnerability (Tan Chew Keong)
- Total Commander Homepage (Total Commander)
- [vuln.sg] iso_wincmd Plugin for Total Commander Buffer Overflow Vulnerability (Tan Chew Keong)