Vulnerability The Bat v. 3.60.07

2006.02.24
Credit: NSA Group
Risk: High
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Advisory: NSAG-№198-23.02.2006
Research: NSA Group [Russian company on Audit of safety & Network security]
Site of Research: http://www.nsag.ru or http://www.nsag.org
Product: The Bat v. 3.60.07
Site of manufacturer: www.ritlabs.com

The status:
19/11/2005 - Publication is postponed.
19/11/2005 - Manufacturer is notified.
12/12/2005 - Answer of the manufacturer.
22/02/2006 - Publication of vulnerability.

Original Advisory: http://www.nsag.ru/vuln/953.html
Risk: Critical

Description: The vulnerability is caused by an insufficient check of the size of the buffer into which data from the Subject field is copied.

Influence: An attacker can execute arbitrary code on the computer of the message's recipient.

Exploit: If the Subject field is 4038 bytes long, receiving such a message overflows the buffer and overwrites the EIP and EBP registers, which allows the attacker to execute arbitrary code in the context of the vulnerable The Bat application.

Example:
Subject:AAAAAAAAAAA.... 4038..... AABB
A=0x41 (hex) B=0x42 (hex)

State of the code at the moment of overflow:
New entry point:
00420042 FE???; Unknown command // Execution of arbitrary code!!!

State of registers:
EAX 01CCC4A4
ECX 00000000
EDX 0012FA5C
EBX 02A4EB40
ESP 0012F9EC
EBP 00410041 thebat.00410041 A A
ESI 00000004
EDI 02A231F0
EIP 00420042 thebat.00420042 B B

Solution: Download the new version.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Our company is an independent auditor of software in the IT market. Independent software audit is now becoming standard practice, and we offer to make a released product as well protected as possible against all kinds of attacks!
www.nsag.ru
"Nemesis" © 2006
------------------------------------
Nemesis Security Audit Group © 2006.
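Where vulnerable clients cannot be upgraded at once, a mail gateway can screen for the oversized Subject header described above before delivery. The following is an added example, not part of the NSA Group advisory or of Ritlabs code; the 1024-byte threshold, the function names and the sample messages are assumptions constructed for illustration.

```python
import re

# Assumption: quarantine threshold set well below the 4038-byte Subject
# length reported in the advisory; ordinary subjects are far shorter.
SUBJECT_LIMIT = 1024

def subject_lengths(raw: bytes) -> list[int]:
    """Return the unfolded byte length of each Subject header in a raw message."""
    # The header block ends at the first empty line (CRLF or bare LF).
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    # Unfold: a line break followed by space/tab continues the previous header,
    # so a long value split over many short lines is measured as one value.
    unfolded = re.sub(rb"\r?\n(?=[ \t])", b"", head)
    lengths = []
    for line in re.split(rb"\r?\n", unfolded):
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"subject":
            lengths.append(len(value.strip()))
    return lengths

def verdict(raw: bytes) -> str:
    """Gateway decision for one message."""
    lengths = subject_lengths(raw)
    if len(lengths) > 1:
        # Parsers disagree on which copy wins, so treat duplicates as suspect.
        return "quarantine: duplicate Subject headers"
    if lengths and lengths[0] > SUBJECT_LIMIT:
        return f"quarantine: Subject is {lengths[0]} bytes"
    return "deliver"

# Constructed sample messages (not captured traffic).
NORMAL = (b"From: a@example.org\r\nSubject: Quarterly report\r\n\r\n"
          b"Subject: this line is body text, not a header\r\n")
# Long value folded into 60 lines of 70 bytes, as a sender might do to
# slip past a naive per-line length check.
FOLDED = b"\r\n ".join([b"x" * 70] * 60)
LONG = b"From: a@example.org\r\nSubject: " + FOLDED + b"\r\n\r\nbody\r\n"

if __name__ == "__main__":
    for label, msg in (("normal", NORMAL), ("long", LONG)):
        print(label, subject_lengths(msg), verdict(msg))
```

Measuring the unfolded value matters because a check on individual line lengths would pass the folded sample even though the client reassembles it into a single Subject string.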

