Full Disclosure mailing list archives

Buffer Overflow in Advanced Encryption Package Software

From: vishnu raju <rajuvishnu52 () gmail com>

Date: Sun, 3 Jan 2016 14:10:19 +0530

Dear List,

Greetings from vishnu (@dH4wk)

1. Vulnerable Product
- Advanced Encryption Package
- Company http://www.aeppro.com/

2. Vulnerability Information
(A) Buffer Overflow
Impact: Attacker gains administrative access
Remotely Exploitable: No
Locally Exploitable: Yes

3. Vulnerability Description
The vulnerability resides in the registration part of the product. The product exhibits no input length check and uses vulnerable functions to copy/compare the input. The buffer overflow is in the SEH handler such that when the overflow exception occurs, the next handler in the exception chain is affected.

*The windbg details are given below*:

(44c.4ac): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for activationwizard.dll -
activationwizard!uninitialize+0x17959:
03708fd9 66833800 cmp word ptr [eax],0 ds:002b:41414141=????
0:000:x86> r
eax=41414141 ebx=41414141 ecx=00000007 edx=00000073 esi=0371ffea edi=7ffffffe
eip=03708fd9 esp=001884ac ebp=00188538 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
activationwizard!uninitialize+0x17959:
03708fd9 66833800 cmp word ptr [eax],0 ds:002b:41414141=????

Regards,
Vishnu Raju.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
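
The missing input length check described in the post, shown from the fixing side as an added example; this is not code from the original message or from the vendor. The post does not disclose the real code, so the struct layout, the names and the 32-character limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <wchar.h>

#define REG_KEY_MAX 32            /* assumed field size, in wide characters */

/* Hypothetical registration record: a fixed buffer followed by a pointer.
 * An unchecked wcscpy() into key would run past the buffer and overwrite
 * owner; a later read through owner would then fault on a bogus address,
 * as in the cmp word ptr [eax],0 crash with eax=41414141. */
struct reg_form {
    wchar_t        key[REG_KEY_MAX];
    const wchar_t *owner;
};

enum reg_status { REG_OK = 0, REG_TOO_LONG = -1, REG_BAD_ARG = -2 };

/* Bounded length scan: never reads more than max characters. */
static size_t bounded_wlen(const wchar_t *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != L'\0')
        n++;
    return n;
}

/* Copy user input into the fixed buffer only if it fits together with its
 * terminator. Over-long input is rejected rather than truncated, so a
 * partial key is never passed on to the comparison step. */
enum reg_status reg_set_key(struct reg_form *f, const wchar_t *input)
{
    size_t len;

    if (f == NULL || input == NULL)
        return REG_BAD_ARG;

    len = bounded_wlen(input, REG_KEY_MAX);
    if (len == REG_KEY_MAX)       /* no terminator within the limit */
        return REG_TOO_LONG;

    memcpy(f->key, input, (len + 1) * sizeof(wchar_t));
    return REG_OK;
}
```
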