Deimos Kasa <= 2.58 (table) Local Integer Overflow Vulnerability
Title: Deimos Kasa <= 2.58 (table) Local Integer Overflow Vulnerability
Advisory ID: ZSL-2010-4929
Type: Local
Impact: System Access, DoS
Risk: (3/5)
Release Date: 03.03.2010
[2] http://securityreason.com/wlb_show/WLB-2010030021
[07.03.2010] - Added reference [1]
[11.03.2010] - Added reference [2]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2010-4929
Type: Local
Impact: System Access, DoS
Risk: (3/5)
Release Date: 03.03.2010
Summary
Deimos Kasa is a Windows restaurant management software.Description
Deimos Kasa is prone to an integer overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input in the table field. Successfully exploiting these issues may allow local attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.Vendor
Planet Interactive DOO - http://www.planet.com.mkAffected Version
2.22.0.0, 2.49.0.0, 2.55.0.0 and 2.58.0.0Tested On
Microsoft Windows XP Professional SP2 (English)Vendor Status
N/APoC
deimos_iof.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] http://packetstormsecurity.org/filedesc/ZSL-2010-4929.txt.html[2] http://securityreason.com/wlb_show/WLB-2010030021
Changelog
[03.03.2010] - Initial release[07.03.2010] - Added reference [1]
[11.03.2010] - Added reference [2]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk