IRAI AUTOMGEN <= 8.0.0.7 Use After Free

01 Jul 2014 00:00:00
Reported by Root
Type: seebug
Source: www.seebug.org

#######################################################################

                             Luigi Auriemma

Application:  IRAI AUTOMGEN
              http://www.irai.com/a8e/
Versions:     <= 8.0.0.7 (aka 8.022)
Platforms:    Windows
Bug:          use after free
Exploitation: file
Date:         10 Oct 2011
Author:       Luigi Auriemma
              e-mail: [email protected]
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


From vendor's website:
"Universal automation workshop
Fonctionnalities : automation projects creation for PLC and
microprocessors, SCADA, Web SCADA, 3D process simulation, etc."


#######################################################################

======
2) Bug
======


Use after free in the handling of project files containing some
malformed fields, like the size of the embedded zip archive or some
counters, which may allow code execution.

No additional research was performed because it was only a quick test;
the following are various examples of locations for the possible code
execution:

  00460ee6 8b01            mov     eax,dword ptr [ecx]
  00460ee8 6a01            push    1
  00460eea ff5004          call    dword ptr [eax+4]

  005239ca 8b06            mov     eax,dword ptr [esi]
  005239cc 8bce            mov     ecx,esi
  005239ce ff5010          call    dword ptr [eax+10h]

  0040d11b 8b16            mov     edx,dword ptr [esi]
  0040d11d 6a00            push    0
  0040d11f 50              push    eax
  0040d120 8bce            mov     ecx,esi
  0040d122 ff9288000000    call    dword ptr [edx+88h]
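
Each listing above loads a pointer from the object and then calls through an offset from it, so a reference that outlives its object ends in an indirect call. The following is an added defensive sketch, not code from the advisory or from the vendor: it checks a declared size field before use and clears the owning reference on release. The file layout, struct and function names are all hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical object with a function table, the same shape as the
   "mov eax,[ecx] / call [eax+4]" dispatch in the listings above. */
struct section;
struct section_ops { int (*load)(struct section *); };
struct section { const struct section_ops *ops; uint32_t zip_size; };

static int sec_load(struct section *s) { return (int)s->zip_size; }
static const struct section_ops OPS = { sec_load };

/* Constructed layout, NOT the real project format: 4-byte little-endian
   declared archive size, then the archive bytes. */
const uint8_t GOOD[] = { 3, 0, 0, 0, 'P', 'K', 0 };
const uint8_t BAD[]  = { 0xff, 0xff, 0xff, 0x7f, 'P', 'K' };

static int parse_section(const uint8_t *buf, size_t len, struct section **out)
{
    *out = NULL;                          /* no stale pointer on any error path */
    if (len < 4) return -1;
    uint32_t declared = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
                        (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    if (declared > len - 4) return -1;    /* size field exceeds data present */
    struct section *s = calloc(1, sizeof *s);
    if (!s) return -1;
    s->ops = &OPS;
    s->zip_size = declared;
    *out = s;
    return 0;
}

/* Free through the owner's slot so the reference dies with the object. */
static void section_release(struct section **slot) { free(*slot); *slot = NULL; }

/* Dispatch only through a live reference. */
static int section_load(struct section *s) { return s ? s->ops->load(s) : -1; }

/* Returns the archive size, -1 if rejected, -2 if a released object was used. */
int open_project(const uint8_t *buf, size_t len)
{
    struct section *s;
    if (parse_section(buf, len, &s) != 0) return -1;
    int size = section_load(s);
    section_release(&s);
    return section_load(s) == -1 ? size : -2;
}
```

Clearing one slot only protects the single owning reference; code that keeps extra copies of the pointer needs reference counting or a handle scheme instead.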


#######################################################################

===========
3) The Code
===========


http://aluigi.org/poc/automgen_1.zip
http://www.exploit-db.com/sploits/17964.zip


#######################################################################

======
4) Fix
======


No fix.


#######################################################################
