Saturday, 24 February 2018

InfoSect's Month of Pointless Bonus Bugs (#31)

InfoSect, Canberra's hackerspace, regularly runs public group sessions to perform code review and vulnerability discovery. Over the next 30 days, I'll highlight the source code of 30 unknown vulnerabilities.

Bonus Bug #31

In the package amideco, an AMI BIOS extractor, we have a simple stack overflow. It is not that useful, since the program does not run with elevated privileges, but there may be client-side scenarios where it matters.

        switch(AMIVer)
        {
        case 95:
                /* argv[1] flows straight into Xtract95 as fname */
                PartTotal = Xtract95(ptx, HelpID, ConstOff, Offset, argv[1]);
                break;
        case 94:

...

byte Xtract95(FILE *ptx, byte Action, dword ConstOff, dword Offset, byte* fname)
        {
        FILE *pto;
        interfacing interface;
        byte    PartTotal = 0;
        PARTTag part;
        byte    Buf[64];
        byte    MyDirName[64]     =       "--DECO--";   /* 64-byte stack buffer */
        dword   i;
        byte    sLen = 0;                               /* 8-bit: the length is truncated mod 256 */

        byte    doDir   = 0;
        /*
        For the case of multiple 0x20 modules
        */
        byte    Multiple = 0, j = 0;

        sLen = StrLen(fname);
        /* scan backwards for the last path separator; i ends at the start of the basename */
        for ( i = sLen; i > 0; i-- )
            {
                if( *(fname + i) == '/' || *(fname + i ) == '\\' ) { i++; break; }
            }

        /* sLen - i is never checked against sizeof(MyDirName): a basename longer
           than 64 bytes overflows the stack buffer */
        memcpy(MyDirName, (fname + i), sLen - i);
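The following is an added example, not code from amideco or from the original post. It mirrors the quoted basename scan exactly (including the 8-bit sLen) but returns the length memcpy would use instead of performing the copy, so the arithmetic can be exercised on long inputs without corrupting the stack, and sets a bounded replacement beside it. It assumes amideco's byte and dword are 8- and 32-bit unsigned and that StrLen behaves like strlen; the path strings are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed widths for amideco's typedefs (not confirmed by the post). */
typedef uint8_t  byte;
typedef uint32_t dword;

#define DIRNAME_LEN 64   /* sizeof(MyDirName) in Xtract95 */

/* Mirror of the quoted scan: same 8-bit truncation of sLen, same loop, but it
   returns the memcpy length instead of copying, so it is safe to call. */
static dword xtract95_copy_len(const byte *fname, dword *start_out)
{
    byte  sLen = (byte)strlen((const char *)fname);   /* truncated to 0..255 */
    dword i;

    for (i = sLen; i > 0; i--) {
        if (fname[i] == '/' || fname[i] == '\\') { i++; break; }
    }
    if (start_out) *start_out = i;
    return sLen - i;   /* unsigned 32-bit arithmetic: wraps when i == sLen + 1 */
}

/* 1 if the copy would write past MyDirName[64]. Exactly 64 bytes fit but leave
   no terminator, so 63 is the real safe maximum. */
static int xtract95_overflows(const byte *fname)
{
    return xtract95_copy_len(fname, NULL) > DIRNAME_LEN;
}

/* Hardened replacement (added here, not amideco's code): size_t lengths, a
   bounded copy, and an explicit failure when the name does not fit. */
static int safe_basename(const char *fname, char *out, size_t outsz)
{
    size_t len = strlen(fname);
    size_t i = len;
    while (i > 0 && fname[i - 1] != '/' && fname[i - 1] != '\\') i--;
    size_t blen = len - i;
    if (outsz == 0 || blen > outsz - 1) return -1;
    memcpy(out, fname + i, blen);
    out[blen] = '\0';
    return 0;
}

/* Constructed inputs for the demonstration (not from the original post). */
#define A16 "AAAAAAAAAAAAAAAA"
#define A15 "AAAAAAAAAAAAAAA"
static const char SHORT_PATH[] = "dir/firmware.bin";               /* 12-byte basename   */
static const char LONG_PATH[]  = "out/" A16 A16 A16 A16 A16 A16;   /* 96-byte basename   */
static const char WRAP_PATH[]  = "out/" A16 A16 A16 A16 A16 A16 A16 A16
                                        A16 A16 A16 A16 A16 A16 A16 A16;   /* strlen 260 */
static const char NEG_PATH[]   = "out/" A16 A16 A16 A16 A16 A16 A16 A16
                                        A16 A16 A16 A16 A16 A16 A16 A15;   /* strlen 259 */

int main(void)
{
    const char *cases[] = { SHORT_PATH, LONG_PATH, WRAP_PATH, NEG_PATH };
    char out[DIRNAME_LEN];

    for (size_t k = 0; k < sizeof cases / sizeof cases[0]; k++) {
        const char *p = cases[k];
        dword start = 0;
        dword n = xtract95_copy_len((const byte *)p, &start);
        printf("strlen=%zu sLen=%u start=%u memcpy_len=%u overflow=%d safe=%d\n",
               strlen(p), (unsigned)(byte)strlen(p), (unsigned)start, (unsigned)n,
               xtract95_overflows((const byte *)p),
               safe_basename(p, out, sizeof out));
    }
    return 0;
}
```

With a 96-byte basename the mirrored code reports a 96-byte memcpy into the 64-byte buffer. The two longer paths show what the byte-sized sLen does to the quoted arithmetic: at strlen 260 sLen is 4, the loop stops on the separator at index 3 and the copy length is 0; at strlen 259 sLen is 3, the separator sits exactly at index sLen, i is incremented past it and sLen - i wraps to 0xFFFFFFFF. The hardened routine uses size_t throughout and refuses any basename that does not fit with its terminator.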
