DAMN Hash Calculator Remote Heap Buffer Overflow Vulnerability

Bugtraq ID:	52118
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 22 2012 12:00AM
Updated:	Feb 22 2012 12:00AM
Credit:	Julien Ahrens
Vulnerable:	DAMN Hash Calculator 1.5.1
Not Vulnerable:

DAMN Hash Calculator Remote Heap Buffer Overflow Vulnerability

DAMN Hash Calculator is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

DAMN Hash Calculator 1.5.1 is vulnerable; other versions may also be affected.

DAMN Hash Calculator Remote Heap Buffer Overflow Vulnerability

The following proof-of-concept is available:

• /data/vulnerabilities/exploits/52118.py

DAMN Hash Calculator Remote Heap Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

DAMN Hash Calculator Remote Heap Buffer Overflow Vulnerability

References:

• [IA8] DAMN Hash Calculator v1.5.1 Local Heap Overflow PoC (Julien Ahrens)
  
• Hash Calculator Download Page (DAMN)