TeraCopy 2.3 (default.mo) Language File Integer Overflow Vulnerability

Title: TeraCopy 2.3 (default.mo) Language File Integer Overflow Vulnerability
Advisory ID: ZSL-2013-5155
Type: Local/Remote
Impact: System Access, DoS
Risk: (3/5)
Release Date: 18.09.2013
Summary
TeraCopy is designed to copy and move files at the maximum possible speed. It skips bad files during the copying process, and then displays them at the end of the transfer so that you can see which ones need attention. TeraCopy can automatically check the copied files for errors by calculating their CRC checksum values. It also provides a lot more information about the files being copied than its Windows counterpart. TeraCopy integrates with Windows Explorer's right-click menu and can be set as the default copy handler.
Description
TeraCopy is prone to an integer overflow vulnerability because it fails to perform adequate boundary checks when reading language files. Successfully exploiting this issue may allow local attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.
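The advisory does not say which field of the language file overflows, so the following is an added illustration of the bug class rather than TeraCopy's code or Code Sector's fix. It assumes the language file uses the GNU gettext .mo layout (a header of seven little-endian 32-bit fields, then tables of length/offset pairs); the sample file bytes are constructed here. `naive_in_bounds` shows the arithmetic pattern that lets a large length field wrap past a bounds check, and `mo_validate` shows the overflow-safe form a loader should use before touching any string.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MO_MAGIC 0x950412deu
#define MO_HEADER_SIZE 28u

/* Read a little-endian 32-bit value; caller guarantees 4 bytes are available. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* The arithmetic pattern behind this bug class: untrusted 32-bit fields are
   added before the comparison, so a huge length wraps and "passes". */
int naive_in_bounds(uint32_t len, uint32_t off, uint32_t length) {
    uint32_t end = off + length + 1u;   /* may wrap around to a small value */
    return end <= len;
}

/* Overflow-safe form: never add untrusted values, compare against the
   space that remains after the offset instead. */
int mo_in_bounds(size_t len, uint32_t off, uint32_t need) {
    return off <= len && need <= len - off;
}

/* Validate every count, offset and length in a .mo buffer before using it.
   Returns 0 if the file is safe to parse, a negative code otherwise. */
int mo_validate(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < MO_HEADER_SIZE) return -1;
    if (rd32(buf) != MO_MAGIC) return -2;       /* byte-swapped files not handled here */
    uint32_t n = rd32(buf + 8), o = rd32(buf + 12), t = rd32(buf + 16);
    /* Each table holds n entries of 8 bytes; n * 8 can itself overflow,
       so bound n by the buffer size before multiplying. */
    if (n > len / 8) return -3;
    uint32_t table_bytes = n * 8u;
    if (!mo_in_bounds(len, o, table_bytes) || !mo_in_bounds(len, t, table_bytes)) return -4;
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *e_orig = buf + o + i * 8u;
        const uint8_t *e_tran = buf + t + i * 8u;
        uint32_t lens[2] = { rd32(e_orig), rd32(e_tran) };
        uint32_t offs[2] = { rd32(e_orig + 4), rd32(e_tran + 4) };
        for (int k = 0; k < 2; k++) {
            if (lens[k] == UINT32_MAX) return -5;               /* len + 1 would wrap */
            if (!mo_in_bounds(len, offs[k], lens[k] + 1u)) return -5;
            if (buf[offs[k] + lens[k]] != 0) return -6;         /* strings must be NUL-terminated */
        }
    }
    return 0;
}

/* Constructed minimal .mo file: one entry mapping "Copy" to "Kopier". */
static const uint8_t SAMPLE_MO[56] = {
    0xde, 0x12, 0x04, 0x95,   /* magic 0x950412de, little-endian */
    0x00, 0x00, 0x00, 0x00,   /* revision 0 */
    0x01, 0x00, 0x00, 0x00,   /* N = 1 string */
    0x1c, 0x00, 0x00, 0x00,   /* O = 28: original-string table */
    0x24, 0x00, 0x00, 0x00,   /* T = 36: translated-string table */
    0x00, 0x00, 0x00, 0x00,   /* S = 0: no hash table */
    0x2c, 0x00, 0x00, 0x00,   /* H = 44 (unused, size 0) */
    0x04, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x00, 0x00, /* "Copy": len 4 at offset 44 */
    0x06, 0x00, 0x00, 0x00, 0x31, 0x00, 0x00, 0x00, /* "Kopier": len 6 at offset 49 */
    'C', 'o', 'p', 'y', 0,
    'K', 'o', 'p', 'i', 'e', 'r', 0
};

int check_sample_ok(void) { return mo_validate(SAMPLE_MO, sizeof SAMPLE_MO); }

/* Same file with the first length field set to 0xFFFFFFFF. A loader computing
   offset + length + 1 in 32 bits gets 44, accepts it, then reads past the end. */
int check_sample_huge_length(void) {
    uint8_t bad[56];
    memcpy(bad, SAMPLE_MO, sizeof bad);
    memset(bad + 28, 0xff, 4);
    return mo_validate(bad, sizeof bad);
}

/* Truncated file: the header still points at tables beyond the data it has. */
int check_sample_truncated(void) { return mo_validate(SAMPLE_MO, 40); }

int main(void) {
    printf("valid file:      %d\n", check_sample_ok());
    printf("huge length:     %d\n", check_sample_huge_length());
    printf("truncated file:  %d\n", check_sample_truncated());
    printf("naive check on wrapped length accepts it: %d\n",
           naive_in_bounds(56, 44, 0xFFFFFFFFu));
    return 0;
}
```

The loader rejects the file before any string is read, so a malformed language file fails closed instead of driving a read or copy with a wrapped size. The same two rules apply to any format with untrusted counts and offsets: bound the count before multiplying it, and compare lengths against the remaining space rather than against a sum.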
Vendor
Code Sector - http://www.codesector.com
Affected Version
2.27 and 2.3 beta 2
Tested On
Microsoft Windows Server 2008 R2 EN (64-bit)
Microsoft Windows 7 Ultimate SP1 EN (32-bit)
Vendor Status
[13.09.2013] Vulnerability discovered.
[15.09.2013] Contact with the vendor.
[17.09.2013] No reply from the vendor.
[18.09.2013] Public security advisory released.
PoC
teracopy_io.pl
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
High five to Acka and the DV8 team
References
[1] http://packetstormsecurity.com/files/123295
[2] http://www.exploit-db.com/exploits/28375/
[3] http://cxsecurity.com/issue/WLB-2013090136
[4] http://www.securityfocus.com/bid/62492
[5] http://1337day.com/exploit/21250
[6] http://www.osvdb.org/show/osvdb/97658
Changelog
[18.09.2013] - Initial release
[19.09.2013] - Added reference [3], [4] and [5]
[25.09.2013] - Added reference [6]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk