OllyDBG Resource Directory Integer Overflow Vulnerability
BID:53033
Info
OllyDBG Resource Directory Integer Overflow Vulnerability
| Bugtraq ID: | 53033 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 16 2012 12:00AM |
| Updated: | Apr 16 2012 12:00AM |
| Credit: | Walied Assar |
| Vulnerable: |
OllyDbg OllyDbg 1.10 |
| Not Vulnerable: | |
Discussion
OllyDBG Resource Directory Integer Overflow Vulnerability
OllyDBG is prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it into an insufficiently sized memory buffer.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
OllyDBG v1.10 is vulnerable; other versions may also be affected.
OllyDBG is prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it into an insufficiently sized memory buffer.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
OllyDBG v1.10 is vulnerable; other versions may also be affected.
Exploit / POC
OllyDBG Resource Directory Integer Overflow Vulnerability
To exploit this issue, an attacker would entice an unsuspecting victim into opening a malicious file.
To exploit this issue, an attacker would entice an unsuspecting victim into opening a malicious file.
Solution / Fix
OllyDBG Resource Directory Integer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
OllyDBG Resource Directory Integer Overflow Vulnerability
References:
References:
- OllyDbg Homepage (OllyDbg)
- OllyDbg Resource Table Parsing Integer Overflow (waliedassar)