Oreans Themida v2.1.8.0 TMD File Handling Buffer Overflow Vulnerability

Title: Oreans Themida v2.1.8.0 TMD File Handling Buffer Overflow Vulnerability
Advisory ID: ZSL-2012-5079
Type: Local/Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 20.03.2012
Summary
Themida is an advanced Windows software protection system, developed for software developers who wish to protect their applications against advanced reverse engineering and software cracking.
Description
The vulnerability is caused by a boundary error in the processing of a project file, which can be exploited to cause a buffer overflow when a user opens, for example, a specially crafted .TMD file. Successful exploitation may allow execution of arbitrary code.
Vendor
Oreans Technologies - http://www.oreans.com
Affected Version
2.1.8.0 (32/64bit)
Tested On
Microsoft Windows XP Professional SP3 (EN) (32bit)
Microsoft Windows 7 Ultimate SP1 (EN) (64bit)
Vendor Status
N/A
PoC
themida_bof.c
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://packetstormsecurity.org/files/111031
[2] http://cxsecurity.com/issue/WLB-2012030184
[3] http://www.exploit-db.com/exploits/18636/
[4] http://1337day.com/exploits/17790
[5] http://www.securityfocus.com/bid/52649
[6] http://www.osvdb.org/show/osvdb/80551
[7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4865
Changelog
[20.03.2012] - Initial release
[21.03.2012] - Added reference [1] and [2]
[22.03.2012] - Added reference [3], [4] and [5]
[27.03.2012] - Added reference [6]
[18.11.2012] - Added reference [7]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk