eSignal and eSignal Pro 10.6.2425.1208 – Multiple Vulnerabilities

• Exploit Database
• 12 阅读

• 作者： Luigi Auriemma
  日期： 2011-09-14
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/17837/

• #######################################################################
  
   Luigi Auriemma
  
  Application:eSignal and eSignal Pro
  http://www.esignal.com/esignal/default.aspx
  Versions: <= 10.6.2425.1208
  Platforms:Windows
  Bugs: A] code execution
  B] heap overflow
  Exploitation: file
  Date: 06 Sep 2011
  Author: Luigi Auriemma
  e-mail: aluigi@autistici.org
  web:aluigi.org
  
  
  #######################################################################
  
  
  1) Introduction
  2) Bugs
  3) The Code
  4) Fix
  
  
  #######################################################################
  
  ===============
  1) Introduction
  ===============
  
  
  From vendor's website:
  "eSignal is an all-in-one trading platform that includes the data,
  tools and functionality serious individual traders and professionals
  need to keep them at the top of their game."
  
  
  #######################################################################
  
  =======
  2) Bugs
  =======
  
  -----------------
  A] code execution
  -----------------
  
  The software is unable to handle the "<StyleTemplate>" files (even
  those original included in the program) like those with the registered
  extensions QUO, SUM and POR:
  
  eax=00000001 ebx=00000000 ecx=61616161 edx=02830000 esi=0012f020 edi=03ed97f0
  eip=61616161 esp=0012efb8 ebp=0012f088 iopl=0 nv up ei pl nz ac po nc
  cs=001bss=0023ds=0023es=0023fs=003bgs=0000 efl=00010212
  61616161 ?????
  
  
  ----------------
  B] heap overflow
  ----------------
  
  Heap overflow during the handling of the Font->FaceName field of the
  various files that use it like ETS, ETQ, ESK and so on:
  
  eax=04255aa8 ebx=0012f004 ecx=04255ab4 edx=61616160 esi=0012f004 edi=61616161
  eip=781f3a31 esp=0012ef94 ebp=0012efa4 iopl=0 nv up ei pl nz na pe nc
  cs=001bss=0023ds=0023es=0023fs=003bgs=0000 efl=00010206
  MFC80+0x23a31:
  781f3a31 8b07mov eax,dword ptr [edi]ds:0023:61616161=????????
  781f3a33 8bcfmov ecx,edi
  781f3a35 ff500ccalldword ptr [eax+0Ch]
  or
  eax=04012d40 ebx=00000000 ecx=04012d40 edx=61616161 esi=040129b0 edi=0012cfd4
  eip=7822c445 esp=0012ce58 ebp=0012ce6c iopl=0 nv up ei pl nz na po nc
  cs=001bss=0023ds=0023es=0023fs=003bgs=0000 efl=00010202
  MFC80+0x5c445:
  7822c445 ff9270010000calldword ptr [edx+170h] ds:0023:616162d1=????????
  
  
  #######################################################################
  
  ===========
  3) The Code
  ===========
  
  
  http://aluigi.org/poc/esignal_1.zip
  https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/17837.zip
  
  
  #######################################################################
  
  ======
  4) Fix
  ======
  
  
  No fix.
  
  
  #######################################################################