Deimos Kasa <= 2.58 (table) Local Integer Overflow Vulnerability

2010.03.06
Credit: LiquidWorm
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

-----------------------------------------------------------------------------------

Deimos Kasa <= 2.58 (table) Local Integer Overflow Vulnerability

Summary: Deimos Kasa is a Windows restaurant management software.

Desc: Deimos Kasa is prone to an integer overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input in the table field. Successfully exploiting these issues may allow local attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

Product web page: http://www.planet.com.mk
Vendor: Planet Interactive DOO
Version Affected: 2.22.0.0, 2.49.0.0, 2.55.0.0 and 2.58.0.0

Tested on Microsoft Windows XP Professional SP2 (English)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
liquidworm gmail com

Zero Science Lab - http://www.zeroscience.mk

12.12.2009

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4929.php

-----------------------------------------------------------------------------------

PoC:

The issue can be triggered by entering 10+ integers in the Table field (no pass needed).

Masa field: 1111111111 [ENTER]

//EOF
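
The advisory attributes the flaw to missing boundary checks on the Table field. The following is an added example, not code from the vendor or from the advisory, showing one way to validate such a field before it is used as a number. The function name `parse_table_field` and the limits `TABLE_MIN`, `TABLE_MAX` and `TABLE_MAX_DIGITS` are assumptions chosen for illustration; the application's real parsing code and valid table range are not given on the page.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TABLE_MIN 1          /* assumed lowest valid table number  */
#define TABLE_MAX 9999       /* assumed highest valid table number */
#define TABLE_MAX_DIGITS 4   /* number of digits in TABLE_MAX      */

/* Parse a table-number field (hypothetical helper).
 * Returns 0 and stores the value in *out on success,
 * -1 on malformed or out-of-range input; *out is left untouched on failure. */
int parse_table_field(const char *s, int *out)
{
    size_t len, i;
    char *end;
    long v;

    if (s == NULL || out == NULL)
        return -1;

    len = strlen(s);
    if (len == 0 || len > TABLE_MAX_DIGITS)
        return -1;                    /* length cap rejects 10-digit input early */

    for (i = 0; i < len; i++)
        if (!isdigit((unsigned char)s[i]))
            return -1;                /* no sign, whitespace or other characters */

    errno = 0;
    v = strtol(s, &end, 10);          /* strtol reports overflow via ERANGE */
    if (errno == ERANGE || *end != '\0')
        return -1;
    if (v < TABLE_MIN || v > TABLE_MAX)
        return -1;                    /* explicit range check before narrowing */

    *out = (int)v;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs; the second is the value from the PoC. */
    const char *samples[] = { "12", "1111111111", "-5", "0", "9999", "12a" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = 0;
        int rc = parse_table_field(samples[i], &n);
        printf("%-12s -> %s\n", samples[i], rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```
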

