BID:52061

R2/Extreme Stack Based Buffer Overflow and Directory Traversal Vulnerabilities

Info

R2/Extreme Stack Based Buffer Overflow and Directory Traversal Vulnerabilities

Bugtraq ID:	52061
Class:	Input Validation Error
CVE:	CVE-2012-1221
Remote:	Yes
Local:	No
Published:	Feb 17 2012 12:00AM
Updated:	Apr 13 2015 09:01PM
Credit:	Luigi Auriemma
Vulnerable:	Gordon Williams R2/Extreme 1.65

Not Vulnerable:

Discussion

R2/Extreme Stack Based Buffer Overflow and Directory Traversal Vulnerabilities

R2/Extreme is prone to a stack-based buffer-overflow vulnerability and a directory-traversal vulnerability.

Exploiting these issues may allow remote attackers to execute arbitrary code or retrieve arbitrary files within the context of the affected application.

R2/Extreme 1.65 is vulnerable; other versions may also be affected.

Exploit / POC

R2/Extreme Stack Based Buffer Overflow and Directory Traversal Vulnerabilities

The following proof-of-concept is available:

/data/vulnerabilities/exploits/52061.zip

Solution / Fix

R2/Extreme Stack Based Buffer Overflow and Directory Traversal Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

R2/Extreme Stack Based Buffer Overflow and Directory Traversal Vulnerabilities

References:

R2/Extreme Homepage (Gordon Williams)
R2/Extreme Stack Based Buffer Overflow and Directory Traversal Vulnerabilities (Luigi Auriemma)