GetRight Skin File (*.grs) Buffer Overflow May Let Remote Users Run Arbitrary Code

Application: GetRight
Headlight Software
www.getright.com

Author:
ATmaCA <atmaca@prohack.net>

A remote user can create a malicious skin file (*.grs) that, when loaded by the
target user, will trigger a buffer overflow in DUNZIP32.DLL (4.0.0.3) and
potentially execute arbitrary code.

AFFECTED VERSION:
Versions verified to be vulnerable:
GetRight 5.2a and prior versions are affected.

Solutions:
There was no response.

Exploit:
http://www.exploit-db.com/sploits/c_skin.grs
When this link is copied or clicked, GetRight automatically downloads the
crafted skin and tries to load it, which triggers the buffer overflow.

# milw0rm.com [2004-12-06]
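
Added example, not part of the original advisory: a triage script that walks a directory tree for copies of DUNZIP32.DLL and flags the 4.0.0.3 build named above. It reads the version by scanning for the VS_FIXEDFILEINFO signature, which is a heuristic rather than a full PE resource parse; the names `file_version`, `scan` and `sample_blob` are chosen here, and the sample bytes are constructed.

```python
import os
import struct
import sys

# From the advisory: the DLL name and the version it reports as overflowing.
TARGET_NAME = "dunzip32.dll"
FLAGGED_VERSION = (4, 0, 0, 3)

# VS_FIXEDFILEINFO starts with dwSignature 0xFEEF04BD, followed by
# dwStrucVersion, dwFileVersionMS and dwFileVersionLS (little-endian DWORDs).
SIGNATURE = struct.pack("<I", 0xFEEF04BD)


def file_version(data):
    """Return (major, minor, build, revision) or None if no version block is found."""
    pos = data.find(SIGNATURE)
    if pos == -1 or pos + 16 > len(data):
        return None
    _struc, ms, ls = struct.unpack_from("<III", data, pos + 4)
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)


def scan(root):
    """Return [(path, version, flagged)] for every copy of the DLL under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != TARGET_NAME:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    version = file_version(fh.read())
            except OSError:
                version = None  # unreadable copy: still listed for manual review
            findings.append((path, version, version == FLAGGED_VERSION))
    return findings


def sample_blob(version):
    """Constructed input for testing: padding plus a minimal version header."""
    major, minor, build, rev = version
    header = struct.pack("<III", 0x00010000, (major << 16) | minor, (build << 16) | rev)
    return b"MZ" + b"\x00" * 62 + SIGNATURE + header


if __name__ == "__main__":
    for path, version, flagged in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("FLAGGED" if flagged else "review ", version, path)
```

Copies with any other version are listed for review rather than cleared, since the advisory names only 4.0.0.3.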