Filealyzer 1.6.0.4 Stak overflow

Sunday, September 28, 2008
#################################
Filealyzer 1.6.0.4 Stak overflow
Vendor url:http://www.safer-networking.org/
Advisore:http://lostmon.blogspot.com/
2008/09/filealyzer-1604-stak-overflow.html
Vendor notify:yes exploit:PRIVATE
###############################


#############################
Overview By vendor
#############################

http://www.safer-networking.org/en/filealyzer/index.html

FileAlyzer is a tool to analyze files - the name itself
was initially just a typo of FileAnalyzer, but after a
few days I decided to keep it. FileAlyzer allows a basic
analysis of files (showing file properties and file contents
in hex dump form) and is able to interpret common file
contents like resources structures (like text, graphics,
HTML, media and PE).

Using FileAlyzer is as simple as viewing the regular properties
of a file - just right-click the file you want to analyze and
choose Open in FileAlyzer.

###################
Description of bug
###################

http://forums.spybot.info/showthread.php?t=34737

Filealyzer is prone vulnerable to a stack overflow
wen parsing a malformed exe file with a malformed
version information.

The asm code reveals that the application fails
in a instruction wen try to move EAX register value
to EAX register again.




#######################
Signature for identify
#######################

This information Is of ID´s Systems
or antivirus or antispyware software
to easy detect.

filesize=327168
timestamp[file]=2008-08-26 14:24:23
md5=B84ADA93FAEB728F024687A6127B5AAB
crc32=4629A2C8
exists[authx509]=0

######################
Solution
###################

No sulution at this time !!!

##############
Time Line
##############

Discovered:02-07-2008
Vendor notify:28-09-2008
Disclosure:28-09-2008

##################€nd##############
--
Thnx to estrella to be my ligth
Thnx To FalconDeOro for his support
Thnx To Imydes From http://www.imydes.com

--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....

Latest OSVDB Vulnerabilities

 

Browse

About:Me

My blog:http://lostmon.blogspot.com
Mail:Lostmon@gmail.com
Lostmon Google group
Lostmon@googlegroups.com

La curiosidad es lo que hace
mover la mente...