|
Synopsis: Netsprint Toolbar 1.1 arbitrary remote code vulnerability
Product: Netsprint Toolbar
Version: 1.1
Author: Michal Bucko (sapheal)
Issue:
=====
Function of a prototype isChecked (char*) (in toolbar.dll) is vulnerable to
buffer
overrun. Arbitrary code execution might be possible.The problem occurs when
767B49 MOV ECX,[EAX+140]
data is being copied into the buffer of an insufficient size.
Impact:
======
Remote arbitrary code execution.
Credits:
=======
Michal Bucko (sapheal)
Disclaimer:
==========
This document and all the information it contains are provided "as is",
for educational purposes only, without warranty of any kind, whether
express or implied.
The authors reserve the right not to be responsible for the topicality,
correctness, completeness or quality of the information provided in
this document. Liability claims regarding damage caused by the use of
any information provided, including any kind of information which is
incomplete or incorrect, will therefore be rejected.