################################# Filealyzer 1.6.0.4 Stak overflow Vendor url:http://www.safer-networking.org/ Advisore:http://lostmon.blogspot.com/ 2008/09/filealyzer-1604-stak-overflow.html Vendor notify:yes exploit:PRIVATE ############################### ############################# Overview By vendor ############################# http://www.safer-networking.org/en/filealyzer/index.html FileAlyzer is a tool to analyze files - the name itself was initially just a typo of FileAnalyzer, but after a few days I decided to keep it. FileAlyzer allows a basic analysis of files (showing file properties and file contents in hex dump form) and is able to interpret common file contents like resources structures (like text, graphics, HTML, media and PE). Using FileAlyzer is as simple as viewing the regular properties of a file - just right-click the file you want to analyze and choose Open in FileAlyzer. ################### Description of bug ################### http://forums.spybot.info/showthread.php?t=34737 Filealyzer is prone vulnerable to a stack overflow wen parsing a malformed exe file with a malformed version information. The asm code reveals that the application fails in a instruction wen try to move EAX register value to EAX register again. http://usuarios.lycos.es/reyfuss/xss/images/filealyzer_crash.GIF ####################### Signature for identify ####################### This information Is of IDīs Systems or antivirus or antispyware software to easy detect. filesize=327168 timestamp[file]=2008-08-26 14:24:23 md5=B84ADA93FAEB728F024687A6127B5AAB crc32=4629A2C8 exists[authx509]=0 ###################### Solution ################### No sulution at this time !!! ############## Time Line ############## Discovered:02-07-2008 Vendor notify:28-09-2008 Disclosure:28-09-2008 ##################€nd############## -- Thnx to estrella to be my ligth Thnx To FalconDeOro for his support Thnx To Imydes From http://www.imydes.com -- atentamente: Lostmon (lostmon@gmail.com) Web-Blog: http://lostmon.blogspot.com/ Google group: http://groups.google.com/group/lostmon (new) -- La curiosidad es lo que hace mover la mente....