Log In
Register
Semisecure Login is not enabled!
Please enable JavaScript and use a modern browser to ensure that your password is encrypted.
Home
Topic RSS
12:35
Special guest
March 25, 2010
Offline
Advisory : CORELAN-10-049
Disclosure date : May 2, 2010
CVE :
http://www.corelan.be:8800/adv…..LAN-10-049
00 : Vulnerability information
Product : Power Tab Editor
Version : 1.7 (Build 80) (latest version)
Vendor : Power Tab Software Collection
URL : http://www.power-tab.net/
Platform : Windows
Type of vulnerability : Stack buffer overflow
Risk rating : High
Issue fixed in version : not fixed
Vulnerability discovered by : Sud0
Corelan Team :
http://www.corelan.be:8800/index.php/security/corelan-team-members/
01 : Vendor description of software
02 : Vulnerability details
A flaw in how the application handles the font name defined in the ptb file which an attacker can utilize in a manner other than the designer intended. This allows the attacker to run arbitrary-code execution on the victims machine when a specially crafted PTB file has been open within the application.
03 : Author/Vendor communication
May 16th, 2010 : author contacted
May 24th, 2010 : sent reminder
June 11th, 2010 : No response, public disclosure
04: Proof of Concept
Most Users Ever Online: 91
Currently Online:
6 Guest(s)
Currently Browsing this Page:
1 Guest(s)
Top Posters:
mr_me: 313
Lincoln: 198
rick2600: 181
redsees: 179
MaRkO T.: 174
ekse: 144
Edi: 127
Sud0: 95
sinn3r: 88
jacktheripper: 78
Member Stats:
Guest Posters: 1
Members: 9447
Moderators: 1
Admins: 1
Forum Stats:
Groups: 6
Forums: 70
Topics: 1078
Posts: 6454
Newest Members: Bunny, rzld, mryv, oneian, saruhand, gun4liv, almughairi, lightningtechie, silicrax, sncz
Moderators: Peter Van Eeckhoutte (2872)
Administrators: Peter Van Eeckhoutte (2872)
