Digital Canal Structural Wind Analysis 9.1 Buffer Overflow
34216133623428476
أخبار ساخنة

Digital Canal Structural Wind Analysis 9.1 Buffer Overflow

الخط

Digital Canal Structural Wind Analysis versions 9.1 and below suffer from a buffer overflow vulnerability.


MD5 | a7290e29db03e678669abbc187954af5

Vendor: Digital Canal Structural
Equipment: Wind Analysis
Vulnerability: Stack-Based Buffer Overflow
Advisory URL:
https://ipositivesecurity.com/2017/06/15/ics-digital-canal-structural-wind-analysis-stack-buffer-overflow/

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-157-02

------------------------
AFFECTED PRODUCTS
------------------------

The following versions of Wind Analysis, a structural engineering software
platform, are affected:

Wind Analysis versions 9.1 and prior.

------------------------
IMPACT
------------------------

Successful exploitation of this vulnerability could cause the device that
the attacker is accessing to become unavailable, resulting in a denial of
service.

------------------------
VULNERABILITY OVERVIEW
------------------------

STACK-BASED BUFFER OVERFLOW CWE-121


An attacker may be able to run arbitrary code by remotely exploiting an
executable to perform a denial-of-service attack.

CVE-2017-7910
has been
assigned to this vulnerability. A CVSS v3 base score of 7.5 has been
assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

).

------------------------
Exploitation
------------------------
Note: This is a local exploit, not remote.

Vulnerable application
reconfig.exe

Exploit -> EIP overwrite
C:\dcc\wind9> reconfig.exe

Payload
aAa*576 + aBa*4 + aCa*420

+++++



نموذج الاتصال
الاسمبريد إلكترونيرسالة