Computech Wordlist Builder DIC File Buffer Overflow

2011-09-26T00:00:00
ID SAINT:AA58DD5A7E978EA713EF2E394EE06BBE
Type saint
Reporter SAINT Corporation
Modified 2011-09-26T00:00:00

Description

Added: 09/26/2011
BID: 47113

Background

Computech Wordlist Builder is a simple utility that generates sorted wordlists based on contents of documents.

Problem

A stack overflow condition exists in Wordlist Builder 1.0 due the use of a fixed-length buffer used to read words from the .DIC file dictionary list. A word with more than 4k characters will corrupt the stack and may allow an attacker to execute arbitrary code on the system.

Resolution

No updates are available at this time.

References

<http://net-effects.blogspot.com/2011/04/word-list-builder-buffer-overflow-write.html>
<http://download.cnet.com/Word-List-Builder/3000-2121_4-10398336.html>

Limitations

This exploit has been tested against Computech Word List Builder 1.0 on Windows XP SP3 English (DEP OptIn).

Platforms

Windows