[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Deimos Kasa <= 2.58 (table) Local Integer Overflow Vulnerability

Author
LiquidWorm
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-11188
Category
local exploits
Date add
06-03-2010
Platform
unsorted
================================================================
Deimos Kasa <= 2.58 (table) Local Integer Overflow Vulnerability
================================================================

Deimos Kasa <= 2.58 (table) Local Integer Overflow Vulnerability


Summary: Deimos Kasa is a Windows restaurant management software.

Desc: Deimos Kasa is prone to an integer overflow vulnerability because
it fails to perform adequate boundary checks on user-supplied input
in the table field. Successfully exploiting these issues may allow
local attackers to execute arbitrary code in the context of the
application. Failed exploit attempts will cause denial-of-service
conditions.

Product web page: http://www.planet.com.mk

Vendor: Planet Interactive DOO

Version Affected: 2.22.0.0, 2.49.0.0, 2.55.0.0 and 2.58.0.0

Tested on Microsoft Windows XP Professional SP2 (English)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

liquidworm gmail com

Zero Science Lab - http://www.zeroscience.mk

12.12.2009

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4929.php

---------------------------------------------------------------------------
--------


PoC:

The issue can be triggered by entering 10+ integers in the Table field (no
pass needed).

Masa field: 1111111111 [ENTER]



#  0day.today [2024-12-26]  #