[CORE-2014-0004] - Delphi and C++ Builder VCL library Buffer Overflow

Are the LMD Tools image components affected by this issue?
Embarcadero indicates they have a fix for Delphi XE6:
http://qc.embarcadero.com/wc/qcmain.aspx?d=126004



However, it is unclear if the LMD Tools components themselves are affected (they have the same problem in this code), or if they just need to be re-built with the fix applied to the IDE (because the problem is in Delphi Image handling).

1. *Advisory Information*



    Title: Delphi and C++ Builder VCL library Buffer Overflow

    Advisory ID: CORE-2014-0004

    Advisory URL: http://www.coresecurity.com/advisories/delphi-and-c-builder-vcl-library-buffer-overflow

    Date published: 2014-08-20

    Date of last update: 2014-08-20

    Vendors contacted: Embarcadero

    Release mode: Coordinated release





2. *Vulnerability Information*



    Class: Buffer overflow [CWE-119]

    Impact: Code execution

    Remotely Exploitable: No

    Locally Exploitable: Yes

    CVE Name: CVE-2014-0993





3. *Vulnerability Description*



    Applications developed with Delphi and C++ Builder [1] that use the specific integrated graphic library detailed below are prone to a security vulnerability when processing malformed BMP files. The aforementioned vulnerability has been found in the VCL (Visual Component Library) allowing an attacker to use a specially crafted BMP file that produces a buffer overflow and potentially allows him to execute arbitrary code by performing a "client side" attack.



