TECO AP-PCLINK 1.094 TPC File Handling Buffer Overflow Vulnerability

2015.11.16
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: CWE-119

#!/usr/bin/perl # # # TECO AP-PCLINK 1.094 TPC File Handling Buffer Overflow Vulnerability # # # Vendor: TECO Electric and Machinery Co., Ltd. # Product web page: http://www.teco-group.eu # Download: http://globalsa.teco.com.tw/support_download.aspx?KindID=9 # Affected version: 1.094 # # Summary: AP-PCLINK is the supportive software for TP03 or AP series, providing # three edit modes as LADDER, IL, FBDand SFC, by which programs can be input rapidly # and correctly. Every form written into the TP03 or AP series and AP-PCLINK can # be monitored in the form of the data. # # Desc: The vulnerability is caused due to a boundary error in the processing # of a project file, which can be exploited to cause a buffer overflow when a # user opens e.g. a specially crafted .TPC file. Successful exploitation could # allow execution of arbitrary code on the affected machine. # # --------------------------------------------------------------------------------- # Critical error detected c0000374 # (1950.ff0): Break instruction exception - code 80000003 (first chance) # eax=00000000 ebx=00000000 ecx=76f70b42 edx=0018d98d esi=00360000 edi=41414141 # eip=76fce725 esp=0018dbe0 ebp=0018dc58 iopl=0 nv up ei pl nz na po nc # cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00200202 # ntdll!RtlpNtEnumerateSubKey+0x1af8: # 76fce725 cc int 3 # --------------------------------------------------------------------------------- # # Tested on: Microsoft Windows 7 Professional SP1 (EN) 64bit # Microsoft Windows 7 Ultimate SP1 (EN) 64bit # # # Vulnerability discovered by Gjoko 'LiquidWorm' Krstic # @zeroscience # # # Advisory ID: ZSL-2015-5278 # Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5278.php # # # 09.10.2015 # PoC: - http://zeroscience.mk/codes/aptpc-5278.zip

References:

http://zeroscience.mk/codes/aptpc-5278.zip
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5278.php


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top