Altova DatabaseSpy 2011 Project File Handling Buffer Overflow Vulnerability

The Altova DatabaseSpy 2011 Enterprise Edition suffers from a buffer overflow/memory corruption vulnerability when handling project files (.qprj). The issue is triggered because there is no boundary checking of some XML tag property values, e.g. <Folder FolderName="SQL" Type="AAAAAAA…./>" (~1000 bytes). This can allow an attacker to execute arbitrary machine code in the context of an affected node (locally and remotely) via file crafting or computer-based social engineering.

Advisory ID: ZSL-2010-4971
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4971.php
Advisory TXT: http://www.zeroscience.mk/codes/dbspy_bof.txt
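
A pre-open check for the condition described above, added here as an example; it is not part of the original advisory or of any Altova tooling. It streams a .qprj file through an XML parser and reports attribute values above a byte limit. The 256-byte limit, the function names and the sample documents (including the <Project> root element) are assumptions.

```python
import xml.parsers.expat

# Assumed limit: the advisory reports the fault at roughly 1000 bytes, so
# this example flags values well below that. Tune it to your real projects.
MAX_ATTR_BYTES = 256

def scan_project(data: bytes, limit: int = MAX_ATTR_BYTES):
    """Return (element, attribute, byte_length, line) per oversized attribute."""
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def on_start(name, attrs):
        for key, value in attrs.items():
            size = len(value.encode("utf-8"))
            if size > limit:
                findings.append((name, key, size, parser.CurrentLineNumber))

    def on_entity_decl(*_args):
        # Refuse DTD entities so a long value cannot be built by expansion.
        raise ValueError("entity declaration in project file")

    parser.StartElementHandler = on_start
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(data, True)  # raises ExpatError on malformed XML
    return findings

def is_safe_to_open(data: bytes) -> bool:
    """False for oversized attributes, entity declarations or broken XML."""
    try:
        return not scan_project(data)
    except (xml.parsers.expat.ExpatError, ValueError):
        return False

# Constructed samples; the <Project> root element is hypothetical.
SAMPLE_OK = b'<Project>\n<Folder FolderName="SQL" Type="SQL"/>\n</Project>'
SAMPLE_BAD = (b'<Project>\n<Folder FolderName="SQL" Type="'
              + b"A" * 1000 + b'"/>\n</Project>')

if __name__ == "__main__":
    for label, doc in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, is_safe_to_open(doc), scan_project(doc))
```

Run it over project files received from outside sources before they are opened in the affected version; a file that fails the check should be quarantined for review rather than opened.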
