AOH :: HP Unsorted P :: TB11468.HTM

PCSoft WinDEV .wdp Project File Handling Buffer Overflow



PCSoft WinDEV .wdp Project File Handling Buffer Overflow
PCSoft WinDEV .wdp Project File Handling Buffer Overflow



This is a cryptographically signed message in MIME format.

--------------ms030002040703050106050806
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

[SecurInfos] PCSoft WinDEV .wdp Project File Handling Buffer Overflow

Release Date : 2007-06-28

Critical : Moderately critical. Level 3 of 5.
Impact : System access
Where : From remote

Solution Status : Unpatched

Software :
PCSoft WinDEV
(PCSoft WinDEV Express)
(PCSoft WinDEV Mobile)
(PCSoft WebDEV)

Description :
Jerome Athias has reported a vulnerability in PCSoft WinDEV, which can 
be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the handling 
of a ".wdp" project file that contains an overly long string in the 
"used DLL" fields. This can be exploited to cause a stack-based buffer 
overflow and allows arbitrary code execution when a malicious ".wdp" 
file is opened.
It is also possible to perform an infinite loop (DoS), resulting in the 
use of a large amount of CPU and memory ressources using a malformed 
project file.

The vulnerability has been reported in version 11 (latest release: 
01F110053p). Older versions and other products (WinDEV Express, Mobile 
and WebDEV) could also be affected.


Solutions :
Do not open ".wdp" files from non-trusted sources.

Provided and discovered by :
Jerome Athias
http://www.JA-PSI.fr 

Original Advisory :
https://www.securinfos.info/english/security-advisories-alerts/20070628_PCSoft.WinDEV.wdp.Project.File.Handling.Buffer.Overflow.php 

PoC codes:
https://www.securinfos.info/english/security-tools-hacking/windev_crash.zip 

--------------ms030002040703050106050806
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJEzCC
AuQwggJNoAMCAQICEAIGtK6X1lHAKniUq1jU19owDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UE
BhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT
I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA3MDYxODIwNDgwNVoX
DTA4MDYxNzIwNDgwNVowRzEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEkMCIG
CSqGSIb3DQEJARYVamVyb21lLmF0aGlhc0BmcmVlLmZyMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAt7vI6VSIfa80UvUC1LCJe8rMKULNRWK18FAnbVcrGiQhIpCoOx1QYFqJ
CtfmW+nRc6giAOkgjuq6SNG7pVsfYAzrRZp0vNoQhWj7mlf7tfXlqASi21inGtzNrTRnIrz6
7Rxz55MuUijnMzvXFx3NP3r3BSyGsJ0ePHeIjrvRvG7zpO4XjmKiDlw2w8CvBY8V6WUXJIFe
1Hc9SHIKUxLytB4Z3mbqJVxItI603uyop5uCRRwyaskkwfp/Zdh7NOKmEEE2jn5rgYi3m5yi
kmUWFCJpoBwL/cfxETkPW4GZCUP2zBuz/8q5r8D2rg6qyoJ74cPlP5o1zVnM97N6t03JMwID
AQABozIwMDAgBgNVHREEGTAXgRVqZXJvbWUuYXRoaWFzQGZyZWUuZnIwDAYDVR0TAQH/BAIw
ADANBgkqhkiG9w0BAQUFAAOBgQC8Ia2KUqJLAemjgjbxsnQSNFQSDorCeNcAmGSCvXfcjacW
GRDnglZMhIasx0QrfA9YysP/t+76lmLQ1QFm7V/BwUUsiuCDIK3TirbdHtM7F335nHezBt/o
ISnD3WIdRtS00AGTc5G4MGTNI2JWrNJDNua4TW9GfflL7+rzpeHQRzCCAuQwggJNoAMCAQIC
EAIGtK6X1lHAKniUq1jU19owDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UEBhMCWkExJTAjBgNV
BAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJz
b25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA3MDYxODIwNDgwNVoXDTA4MDYxNzIwNDgw
NVowRzEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEkMCIGCSqGSIb3DQEJARYV
amVyb21lLmF0aGlhc0BmcmVlLmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
t7vI6VSIfa80UvUC1LCJe8rMKULNRWK18FAnbVcrGiQhIpCoOx1QYFqJCtfmW+nRc6giAOkg
juq6SNG7pVsfYAzrRZp0vNoQhWj7mlf7tfXlqASi21inGtzNrTRnIrz67Rxz55MuUijnMzvX
Fx3NP3r3BSyGsJ0ePHeIjrvRvG7zpO4XjmKiDlw2w8CvBY8V6WUXJIFe1Hc9SHIKUxLytB4Z
3mbqJVxItI603uyop5uCRRwyaskkwfp/Zdh7NOKmEEE2jn5rgYi3m5yikmUWFCJpoBwL/cfx
ETkPW4GZCUP2zBuz/8q5r8D2rg6qyoJ74cPlP5o1zVnM97N6t03JMwIDAQABozIwMDAgBgNV
HREEGTAXgRVqZXJvbWUuYXRoaWFzQGZyZWUuZnIwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0B
AQUFAAOBgQC8Ia2KUqJLAemjgjbxsnQSNFQSDorCeNcAmGSCvXfcjacWGRDnglZMhIasx0Qr
fA9YysP/t+76lmLQ1QFm7V/BwUUsiuCDIK3TirbdHtM7F335nHezBt/oISnD3WIdRtS00AGT
c5G4MGTNI2JWrNJDNua4TW9GfflL7+rzpeHQRzCCAz8wggKooAMCAQICAQ0wDQYJKoZIhvcN
AQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcT
CUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRp
ZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBG
cmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNv
bTAeFw0wMzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYD
VQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVy
c29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
xKY8VXNV+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkV
cI7dyfArhVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUq
VIUPSAR/p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMG
A1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZy
ZWVtYWlsQ0EuY3JsMAsGA1UdDwQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJp
dmF0ZUxhYmVsMi0xMzgwDQYJKoZIhvcNAQEFBQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIX
oUOWlJ1/TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydx
VyWN3amcOY6MIE9lX5Xa9/eH1sYITq726jTlEBpbNU1341YheILcIRk13iSx0x1G/11fZU8x
ggNkMIIDYAIBATB2MGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGlu
ZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWlu
ZyBDQQIQAga0rpfWUcAqeJSrWNTX2jAJBgUrDgMCGgUAoIIBwzAYBgkqhkiG9w0BCQMxCwYJ
KoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNzA2MjgwNjQ4MDZaMCMGCSqGSIb3DQEJBDEW
BBQPlhCp9MurdsIJ+A4Zr/d9/WslKDBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4G
CCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCB
hQYJKwYBBAGCNxAEMXgwdjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1
bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElz
c3VpbmcgQ0ECEAIGtK6X1lHAKniUq1jU19owgYcGCyqGSIb3DQEJEAILMXigdjBiMQswCQYD
VQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UE
AxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEAIGtK6X1lHAKniUq1jU
19owDQYJKoZIhvcNAQEBBQAEggEAH/hBTJXR5LOuHTwfAKSaKDnpl9frXgy/spsJ9mUZw3Px
yGiWyhMpReKzSu0rXu3sKvwm3eKSG+Hjz9cxXerCjvw+dkp5ET7COX8E4JxvagU94nusoTMu
EOTXLg7/jIbprKFeO9VGoxQ1k9CjL35k7pN85FZsG1NvBd1lcswyxFX0pbJWYgb+mcXnlEbl
SXNc0gB3LmpHSvl8D97oFSxkBaUJdqy6JByEi2wV0IXcizYiMvTHkCEQpHbUVla9UTFqTls5
Brprn0kW8/GpyLuPZLTUqJNKPF5qFaZQj8kCxQmK40W420ulgwKTYzxv9gIVgHxomut34E4J
JXFUjRQwjQAAAAAAAA=--------------ms030002040703050106050806--

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.