Michael Kohn VB2C 0.02 - '.FRM' File Remote Buffer Overflow

Author: Qiao Zhang
type: remote
platform: windows
port: 
date_added: 2004-12-15 
date_updated: 2013-04-30 
verified: 1 
codes: CVE-2004-1298;OSVDB-12469 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/12020/info

VB2C is reported prone to a remote buffer overflow vulnerability. This issue arises because the application fails to carry out proper boundary checks before copying user-supplied data in to sensitive process buffers. It is reported that this issue can allow an attacker to gain unauthorized access to a computer in the context of the application.

An attacker can exploit this issue by crafting a malicious FRM file that contains excessive string data, replacement memory addresses, and executable instructions to trigger this issue.

If a user obtains this file and processes it through the application, the attacker-supplied instructions may be executed on the vulnerable computer. It is reported that successful exploitation may result in a compromise in the context of the application.

VB2C version 0.02 is reported prone to this vulnerability. It is likely that other versions are affected as well.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/25020.zip