SpeedProject SpeedCommander ZIP Archive Buffer Overflow Vulnerability
BID:39616
Info
SpeedProject SpeedCommander ZIP Archive Buffer Overflow Vulnerability
| Bugtraq ID: | 39616 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 21 2010 12:00AM |
| Updated: | Apr 21 2010 12:00AM |
| Credit: | TecR0c |
| Vulnerable: |
Speedproject SpeedCommander 13.10 |
| Not Vulnerable: | |
Discussion
SpeedProject SpeedCommander ZIP Archive Buffer Overflow Vulnerability
SpeedProject SpeedCommander is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
SpeedCommander 13.10 is vulnerable; other versions may also be affected.
SpeedProject SpeedCommander is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
SpeedCommander 13.10 is vulnerable; other versions may also be affected.
Exploit / POC
SpeedProject SpeedCommander ZIP Archive Buffer Overflow Vulnerability
The following proof-of-concept code is available:
The following proof-of-concept code is available:
Solution / Fix
SpeedProject SpeedCommander ZIP Archive Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].
References
SpeedProject SpeedCommander ZIP Archive Buffer Overflow Vulnerability
References:
References:
- Speed Commander 13.10 (.zip) Memory Corruption (TecR0c)
- SpeedCommander Homepage (SpeedProject)