Info

Disclosure

Apr 14, 2005

Discovery

Unknown

Dates

Exploit

Apr 14, 2005

Solution

Unknown

Description

X-Ways WinHex contains a flaw that may allow either a Remote or Local denial of service. The issue is triggered when an attacker sends a specially-crafted file name to a buffer causing a heap-based overflow, and will result in loss of availability for the WinHex Application. This application typically does not run with any elevated privileges and requires command line interaction from a user.

Classification

Location: Local Access Required, Remote/Network Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Available
OSVDB: Concern

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

X-Ways

WinHex

12.05 SR-14

References

Security Tracker: 1013727
CVE ID: 2005-1187 (see also: NVD)
ISS X-Force ID: 20139
Other Advisory URL: http://www.unl0ck.org/files/papers/winhex.txt
Vendor URL: http://www.x-ways.net/winhex/index-m.html

Credit

darkeagle - darkeagleunl0ck.org -

Direct URL: http://osvdb.org/36218