Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:8116
HistoryMar 20, 2005 - 12:00 a.m.

OllyDbg long process Module debug Vulnerability

2005-03-2000:00:00
vulners.com
21
JSON

Vendor:
Oleh Yuschuk

Application:
OllyDbg
http://home.t-online.de/home/Ollydbg/

Introduction:
OllyDbg is a 32-bit assembler level analysing debugger for Microsoft®
Windows®.
Emphasis on binary code analysis makes it particularly useful in cases
where source is unavailable.

Affected Versions:
1.10 (final version) and prior versions.

Overview:
In OllyDbg, if a target process loads modules that contains long name
(greater than around 200 bytes), OllyDbg will be crashed.

This hole can be used for an anti-debug method for OllyDbg.

Vendor Status:
No vendor response.

Discovery:
ATmaCA
[email protected]
www.atmacasoft.com
www.spyinstructors.com
Credit to Kozan

POC:
Debug this program with OllyDbg,
when the program runs, a folder that named "olly hole" will be
created on desktop and a long named dll will be created in
this folder. then it will load this and finally
olly debug will be crashed.

http://www.atmacasoft.com/exp/OllyHole.exe

JSON