-==PVDasm Long Name Debug Vulnerability==-

/*

[N]eo [S]ecurity [T]eam [NST]® - Advisory #10 - 19/03/05

Program: PVDasm
Homepage: http://pvdasm.reverse-engineering.net/
Vulnerable Versions: v1.6b & lowers
Risk: Medium!!
Impact: Long Name Debug Vulnerability

-==PVDasm Long Name Debug Vulnerability==-

• Description

---

Proview (a.k.a: PVDasm) is: Interactive, Multi-Cpu (x86/Chip8)
Disassembler.
the Disassembler engine has been coded by (Ben) and it's free for Public
Usage.
Proview (PVDasm) is my attempt to make a Disassembler as a part for school
final
project and for basic knowledge & fun!
PVDasm is fully coded in C (IDE: MS-VC++.6.0), a bit of C++ Classes and STL
Templates for internal memory management.

• Tested

---

Windows XP non-SP

• Explotation

---

If PVDasm load a file with more than 100 characters it will
crash. This can be use for anti-debuging techniques.

• Exploit

---

Pick any *.exe and change the name for more than 100 Characters or letters
and PVDasm will crash.

• Solutions

---

Not Yet xD

• References

---

http://neosecurityteam.net/Advisories/Advisory-10.txt

• Credits

---

Discovered by HaCkZaTaN <[email protected]>

[N]eo [S]ecurity [T]eam [NST]® - http://neosecurityteam.net/

Got Questions? http://neosecurityteam.net/

Irc.InfoGroup.cl #neosecurityteam

• Greets

---

       Paisterist
       T0wn3r
       LINUX
       Heap
       Nitrous
       CrashCool
       eL_mEsIaS
       Makoki
       KingMetal

       And my Colombian people

    @@@@'''@@@@'@@@@@@@@@'@@@@@@@@@@@
    '@@@@@''@@'@@@''''''''@@''@@@''@@
    '@@'@@@@@@''@@@@@@@@@'''''@@@
    '@@'''@@@@'''''''''@@@''''@@@
    @@@@''''@@'@@@@@@@@@@''''@@@@@

*/