Hispasec Lab Blog

Opera and FireFox contains vulnerable code for handling BMP files with partial palette. The code allows to craft a BMP file that leaks information from the heap. This information can be sent to remote server using canvas tag (HTML 5) and javascript.


See the demonstration video at:
http://blog.hispasec.com/lab/files/ff_2_0_0_11.avi (5.7mb, AVI, DivX 6.6.1)

Read more at:
/advisories/adv_Opera_and_Firefox_Remote_Memory_Information_Leak.txt

Enriva Development Magellan Explorer is an award winning Windows file explorer with a
built-in support for FTP protocol.

Magellan Explorer fails to correctly handle file names on remote FTP servers
while downloading them to a local drive. This may lead to a directory traversal
if a malformed file name contains relative path.
Successful exploitation may lead to a full scale system compromise.

Read more at:
/advisories/adv_MagellanExplorer_3_32_Remote_Traversal.txt

Unreal Commander is an award winning freeware file manager for Windows
98/ME/2000/XP/2003/Vista. The application support multiple archive
formats, has a built-in ftp client, and other features.

Unreal Commander fails to correctly handle malformed file name while downloading
a remote file from a malformed FTP server to a local hard driver. This allows an
attacker to perform a directory traversal attack. Successful exploitation may
lead to a full scale system compromise.

Unreal Commander also fails to correctly handle FTP reponses. This can lead to
the application entering an infinite loop, denying service to the legitimate
user.

Read more at:
/advisories/adv_UnrealCommander_0_92_build_573_Multiple_FTP_Based_Vulnerabilities.txt

Christian Ghislers Total Commander is a popular Windows file explorer with a
built-in support for FTP protocol.

Total Commander is vulnerable to remote file name spoofing leading to local
directory traversal while downloading a file from a malformed FTP server.
Successful exploitation may lead to a full scale system compromise.

Read more at:
/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt

StarCraft is a real-time strategy game by Blizzard Entertainment.

StarCraft fails to handle exceptional conditions when generating a
minimap preview of a malformed map. Additionally, since StarCraft
includes a map distribution mechanizm (allowing players that do not
own a map to download it when entering a game) it is possible to send
a malformed map to a player that enters the game, and so, remotlly DoS
his application.

Read more at:
/advisories/adv_StarCraft-1_15_1_Remote_DoS.txt

Unreal Commander is an award winning freeware file manager for Windows 98/ME/2000/XP/2003/Vista. The application support multiple archive formats, has a built-in ftp client, and other features.

Unreal Commander fails to check user-supplied input while processing ZIP and RAR archives. A malformed ZIP or RAR file can be used to perform a directory traversal attack and place malware files in a location selected by the attacker. Successful exploitation can lead to a full compromitation of the system.

Read more at:
/advisories/adv_UnrealCommander_0_92_build_573_Multiple_Vulnerabilities.txt

Fileinfo is a lister plugin for Total Commander, made by Francois Gannier. It allows the user to view the structure of MZ, PE and COFF files.

Fileinfo fails to check the sanity of input data, which successfully exploited can lead to denying service to the legitimate user or can allow injection of additional false information to the displayed ones.

Read more at:
/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt