PAC-Designer '.pac' File Buffer Overflow Vulnerability

Bugtraq ID:	53566
Class:	Boundary Condition Error
CVE:	CVE-2012-2915
Remote:	Yes
Local:	No
Published:	May 16 2012 12:00AM
Updated:	Jun 17 2012 12:03AM
Credit:	Anonymous via Secunia
Vulnerable:	Lattice Semiconductor PAC-Designer 6.2.1344
Not Vulnerable:

PAC-Designer '.pac' File Buffer Overflow Vulnerability

PAC-Designer is prone to a stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

PAC-Designer 6.2.1344 is vulnerable; other versions may also be affected.

PAC-Designer '.pac' File Buffer Overflow Vulnerability

The following exploits are available:

• /data/vulnerabilities/exploits/53566.py
• /data/vulnerabilities/exploits/53566.rb

PAC-Designer '.pac' File Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

PAC-Designer '.pac' File Buffer Overflow Vulnerability

References:

• PAC-Designer Homepage (Lattice Semiconductor)