Hispasec Lab Blog

FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak

Opera and FireFox contains vulnerable code for handling BMP files with partial palette. The code allows to craft a BMP file that leaks information from the heap. This information can be sent to remote server using canvas tag (HTML 5) and javascript. See the demonstration video at: http://blog.hispasec.com/lab/files/ff_2_0_0_11.avi (5.7mb, AVI, DivX 6.6.1) Read more at: /advisories/adv_Opera_and_Firefox_Remote_Memory_Information_Leak.txt

Magellan Explorer 3.32 build 2305 Remote FTP Client Directory Traversal

Enriva Development Magellan Explorer is an award winning Windows file explorer with a built-in support for FTP protocol. Magellan Explorer fails to correctly handle file names on remote FTP servers while downloading them to a local drive. This may lead to a directory traversal if a malformed file name contains relative path. Successful exploitation may lead to a full scale system compromise. Read more at: /advisories/adv_MagellanExplorer_3_32_Remote_Traversal.txt

X-Diesel Unreal Commander v0.92 (build 573) multiple FTP-based vulnerabilities

Unreal Commander is an award winning freeware file manager for Windows 98/ME/2000/XP/2003/Vista. The application support multiple archive formats, has a built-in ftp client, and other features. Unreal Commander fails to correctly handle malformed file name while downloading a remote file from a malformed FTP server to a local hard driver. This allows an attacker to perform a directory traversal attack. Successful exploitation may lead to a full scale system compromise. Unreal Commander also fails to correctly handle FTP reponses. This can lead to the application entering an infinite loop, denying service to the legitimate user. Read more at: /advisories/adv_UnrealCommander_0_92_build_573_Multiple_FTP_Based_Vulnerabilities.txt

Total Commander 7.01 Remote FTP Client Directory Traversal

Christian Ghislers Total Commander is a popular Windows file explorer with a built-in support for FTP protocol. Total Commander is vulnerable to remote file name spoofing leading to local directory traversal while downloading a file from a malformed FTP server. Successful exploitation may lead to a full scale system compromise. Read more at: /advisories/adv_TotalCommander_7_01_Remote_Traversal.txt

Blizzard StarCraft Brood War 1.15.1 Remote DoS

StarCraft is a real-time strategy game by Blizzard Entertainment. StarCraft fails to handle exceptional conditions when generating a minimap preview of a malformed map. Additionally, since StarCraft includes a map distribution mechanizm (allowing players that do not own a map to download it when entering a game) it is possible to send a malformed map to a player that enters the game, and so, remotlly DoS his application. Read more at: /advisories/adv_StarCraft-1_15_1_Remote_DoS.txt

X-Diesel Unreal Commander v0.92 (build 573) multiple vulnerabilities

Unreal Commander is an award winning freeware file manager for Windows 98/ME/2000/XP/2003/Vista. The application support multiple archive formats, has a built-in ftp client, and other features. Unreal Commander fails to check user-supplied input while processing ZIP and RAR archives. A malformed ZIP or RAR file can be used to perform a directory traversal attack and place malware files in a location selected by the attacker. Successful exploitation can lead to a full compromitation of the system. Read more at: /advisories/adv_UnrealCommander_0_92_build_573_Multiple_Vulnerabilities.txt

Fileinfo 2.0.9 multiple vulnerabilities

Fileinfo is a lister plugin for Total Commander, made by Francois Gannier. It allows the user to view the structure of MZ, PE and COFF files. Fileinfo fails to check the sanity of input data, which successfully exploited can lead to denying service to the legitimate user or can allow injection of additional false information to the displayed ones. Read more at: /advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt