Resource Hacker Heap Based Buffer Overflow Vulnerability

Bugtraq ID:	53608
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	May 17 2012 12:00AM
Updated:	May 17 2012 12:00AM
Credit:	waliedassar
Vulnerable:	Angus Johnson Resource Hacker 3.6.0.92
Not Vulnerable:

Resource Hacker Heap Based Buffer Overflow Vulnerability

Resource Hacker is prone to a remote buffer-overflow vulnerability due to a failure to properly bounds check user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Resource Hacker 3.6.0.92 is affected; other versions may also be vulnerable.

Resource Hacker Heap Based Buffer Overflow Vulnerability

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

Resource Hacker Heap Based Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].

Resource Hacker Heap Based Buffer Overflow Vulnerability

References:

• Resource Hacker Homepage (Angus Johnson)
  
• Resource Tuner Heap Overflow Vulnerability (waleedassar)