
eSignal and eSignal Pro <= 10.6.2425.1208 Multiple Vulnerabilities

01 Jul 2014 00:00:00 | Reported by Root | Type: seebug | www.seebug.org


#######################################################################

                             Luigi Auriemma

Application:  eSignal and eSignal Pro
              http://www.esignal.com/esignal/default.aspx
Versions:     <= 10.6.2425.1208
Platforms:    Windows
Bugs:         A] code execution
              B] heap overflow
Exploitation: file
Date:         06 Sep 2011
Author:       Luigi Auriemma
              e-mail: [email protected]
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bugs
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


From vendor's website:
"eSignal is an all-in-one trading platform that includes the data,
tools and functionality serious individual traders and professionals
need to keep them at the top of their game."


#######################################################################

=======
2) Bugs
=======

-----------------
A] code execution
-----------------

The software is unable to handle "<StyleTemplate>" files (even the
original ones included with the program), such as those with the
registered extensions QUO, SUM and POR:

  eax=00000001 ebx=00000000 ecx=61616161 edx=02830000 esi=0012f020 edi=03ed97f0
  eip=61616161 esp=0012efb8 ebp=0012f088 iopl=0         nv up ei pl nz ac po nc
  cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010212
  61616161 ??              ???


----------------
B] heap overflow
----------------

Heap overflow during the handling of the Font->FaceName field of the
various file types that use it, such as ETS, ETQ, ESK and so on:

  eax=04255aa8 ebx=0012f004 ecx=04255ab4 edx=61616160 esi=0012f004 edi=61616161
  eip=781f3a31 esp=0012ef94 ebp=0012efa4 iopl=0         nv up ei pl nz na pe nc
  cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010206
  MFC80+0x23a31:
  781f3a31 8b07            mov     eax,dword ptr [edi]  ds:0023:61616161=????????
  781f3a33 8bcf            mov     ecx,edi
  781f3a35 ff500c          call    dword ptr [eax+0Ch]
or
  eax=04012d40 ebx=00000000 ecx=04012d40 edx=61616161 esi=040129b0 edi=0012cfd4
  eip=7822c445 esp=0012ce58 ebp=0012ce6c iopl=0         nv up ei pl nz na po nc
  cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202
  MFC80+0x5c445:
  7822c445 ff9270010000    call    dword ptr [edx+170h] ds:0023:616162d1=????????
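
The three register dumps above can be triaged mechanically. The following Python sketch is an added example, not part of the original advisory: it parses the dump text and reports which registers and faulting addresses carry a repeated-byte pattern such as 0x61616161. The function names, the verdict labels and the 0x1000 slack are assumptions made for illustration.

```python
import re

# Register dumps copied from sections A and B of the advisory (trimmed to the
# lines the parser needs).
DUMP_A = """\
eax=00000001 ebx=00000000 ecx=61616161 edx=02830000 esi=0012f020 edi=03ed97f0
eip=61616161 esp=0012efb8 ebp=0012f088 iopl=0         nv up ei pl nz ac po nc
"""
DUMP_B1 = """\
eax=04255aa8 ebx=0012f004 ecx=04255ab4 edx=61616160 esi=0012f004 edi=61616161
eip=781f3a31 esp=0012ef94 ebp=0012efa4 iopl=0         nv up ei pl nz na pe nc
781f3a31 8b07            mov     eax,dword ptr [edi]  ds:0023:61616161=????????
"""
DUMP_B2 = """\
eax=04012d40 ebx=00000000 ecx=04012d40 edx=61616161 esi=040129b0 edi=0012cfd4
eip=7822c445 esp=0012ce58 ebp=0012ce6c iopl=0         nv up ei pl nz na po nc
7822c445 ff9270010000    call    dword ptr [edx+170h] ds:0023:616162d1=????????
"""

REG_RE = re.compile(r"\b(e[a-z]{2})=([0-9a-f]{8})\b")
# Debugger annotation for an unreadable operand: seg:selector:address=????????
FAULT_RE = re.compile(r"\b[a-z]s:[0-9a-f]{4}:([0-9a-f]{8})=\?{8}")

def is_filler(value, slack=0x1000):
    """True if value is within `slack` of a dword built from one printable byte."""
    return any(abs(value - b * 0x01010101) <= slack for b in range(0x20, 0x7F))

def triage(dump):
    """Classify one dump by where the repeated-byte pattern ended up."""
    regs = {n: int(v, 16) for n, v in REG_RE.findall(dump) if n != "efl"}
    tainted = sorted(n for n, v in regs.items() if is_filler(v))
    m = FAULT_RE.search(dump)
    fault = int(m.group(1), 16) if m else None
    if "eip" in tainted:
        verdict = "eip-is-filler"
    elif fault is not None and is_filler(fault):
        verdict = "deref-of-filler-pointer"
    else:
        verdict = "no-filler-seen"
    return {"tainted": tainted, "fault": fault, "verdict": verdict}

if __name__ == "__main__":
    for name, dump in (("A", DUMP_A), ("B1", DUMP_B1), ("B2", DUMP_B2)):
        print(name, triage(dump))
```

The slack lets an address computed from a pattern register, such as [edx+170h] in the last dump, still be attributed to that pattern.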


#######################################################################

===========
3) The Code
===========


http://aluigi.org/poc/esignal_1.zip
http://www.exploit-db.com/sploits/17837.zip


#######################################################################

======
4) Fix
======


No fix.


#######################################################################

                              
