-==PVDasm Long Name Debug Vulnerability==-
/*
--------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST]® - Advisory #10 - 19/03/05
--------------------------------------------------------
Program: PVDasm
Homepage: http://pvdasm.reverse-engineering.net/
Vulnerable Versions: v1.6b & lowers
Risk: Medium!!
Impact: Long Name Debug Vulnerability
-==PVDasm Long Name Debug Vulnerability==-
---------------------------------------------------------
- Description
---------------------------------------------------------
Proview (a.k.a: PVDasm) is: Interactive, Multi-Cpu (x86/Chip8) Disassembler.
the Disassembler engine has been coded by (Ben) and it's free for Public Usage.
Proview (PVDasm) is my attempt to make a Disassembler as a part for school final
project and for basic knowledge & fun!
PVDasm is fully coded in C (IDE: MS-VC++.6.0), a bit of C++ Classes and STL
Templates for internal memory management.
- Tested
---------------------------------------------------------
Windows XP non-SP
- Explotation
---------------------------------------------------------
If PVDasm load a file with more than 100 characters it will
crash. This can be use for anti-debuging techniques.
- Exploit
---------------------------------------------------------
Pick any *.exe and change the name for more than 100 Characters or letters
and PVDasm will crash.
- Solutions
--------------------------------------------------------
Not Yet xD
- References
--------------------------------------------------------
http://neosecurityteam.net/Advisories/Advisory-10.txt
- Credits
-------------------------------------------------
Discovered by HaCkZaTaN <hck_zatan@xxxxxxxxxxx>
[N]eo [S]ecurity [T]eam [NST]® - http://neosecurityteam.net/
Got Questions? http://neosecurityteam.net/
Irc.InfoGroup.cl #neosecurityteam
- Greets
--------------------------------------------------------
Paisterist
T0wn3r
LINUX
Heap
Nitrous
CrashCool
eL_mEsIaS
Makoki
KingMetal
And my Colombian people
@@@@'''@@@@'@@@@@@@@@'@@@@@@@@@@@
'@@@@@''@@'@@@''''''''@@''@@@''@@
'@@'@@@@@@''@@@@@@@@@'''''@@@
'@@'''@@@@'''''''''@@@''''@@@
@@@@''''@@'@@@@@@@@@@''''@@@@@
*/