[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Netsprint Toolbar 1.1 arbitrary remote code vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Netsprint Toolbar 1.1 arbitrary remote code vulnerability
From: "Michal Bucko" <michal.bucko@xxxxxxx>
Date: Tue, 17 Apr 2007 13:01:00 +0200

Synopsis:  Netsprint Toolbar 1.1 arbitrary remote code vulnerability
Product:   Netsprint Toolbar
Version:   1.1

Author:    Michal Bucko (sapheal)


Issue:
======

Function of a prototype isChecked (char*) (in toolbar.dll) is vulnerable to 
buffer 
overrun. Arbitrary code execution might be possible.The problem occurs when 

767B49  MOV ECX,[EAX+140]        

data is being copied into the buffer of an insufficient size.



Impact:
=======

Remote arbitrary code execution.


Credits:
========

Michal Bucko (sapheal)



Disclaimer:
===========

This  document and all the information it contains are provided "as is",
for educational purposes only, without warranty  of  any  kind,  whether
express or implied.

The  authors reserve the right not to be responsible for the topicality,
correctness, completeness or quality of  the  information   provided  in
this  document.  Liability  claims regarding damage caused by the use of
any information provided, including any kind  of  information  which  is
incomplete or incorrect, will therefore be rejected.

Follow-Ups:
- Re: Netsprint Toolbar 1.1 arbitrary remote code vulnerability
  - From: Michal Zalewski

Prev by Date: iDefense Security Advisory 04.16.07: Akamai Download Manager ActiveX Stack Buffer Overflow Vulnerability
Next by Date: PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities
Previous by thread: iDefense Security Advisory 04.16.07: Akamai Download Manager ActiveX Stack Buffer Overflow Vulnerability
Next by thread: Re: Netsprint Toolbar 1.1 arbitrary remote code vulnerability
Index(es):
- Date
- Thread