BID:38900

Crimson Editor '.cfg' File Stack Buffer Overflow Vulnerability

Info

Crimson Editor '.cfg' File Stack Buffer Overflow Vulnerability

Bugtraq ID:	38900
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 21 2010 12:00AM
Updated:	Mar 25 2010 09:42AM
Credit:	R3VAN_BASTARD
Vulnerable:	Crimson Editor Crimson Editor 3.70

Not Vulnerable:

Discussion

Crimson Editor '.cfg' File Stack Buffer Overflow Vulnerability

Crimson Editor is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Crimson Editor 3.70 is vulnerable; other versions may also be affected.

Exploit / POC

Crimson Editor '.cfg' File Stack Buffer Overflow Vulnerability

The following exploit code is available:

/data/vulnerabilities/exploits/38900.py

Solution / Fix

Crimson Editor '.cfg' File Stack Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Crimson Editor '.cfg' File Stack Buffer Overflow Vulnerability

References:

Crimson Editor Configuration File Buffer Overflow Vulnerability (SEH) (sharpe)
Crimson Editor Homepage (Crimson Editor)