Are the LMD Tools image components affected by this issue?
Embarcadero indicates they have a fix for Delphi XE6:
http://qc.embarcadero.com/wc/qcmain.aspx?d=126004
However, it is unclear if the LMD Tools components themselves are affected (they have the same problem in this code), or if they just need to be re-built with the fix applied to the IDE (because the problem is in Delphi Image handling).
1. *Advisory Information*
Title: Delphi and C++ Builder VCL library Buffer Overflow
Advisory ID: CORE-2014-0004
Advisory URL:
http://www.coresecurity.com/advisories/delphi-and-c-builder-vcl-library-buffer-overflow
Date published: 2014-08-20
Date of last update: 2014-08-20
Vendors contacted: Embarcadero
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Buffer overflow [CWE-119]
Impact: Code execution
Remotely Exploitable: No
Locally Exploitable: Yes
CVE Name: CVE-2014-0993
3. *Vulnerability Description*
Applications developed with Delphi and C++ Builder [1] that use the specific integrated graphic library detailed below are prone to a security vulnerability when processing malformed BMP files. The aforementioned vulnerability has been found in the VCL (Visual Component Library) allowing an attacker to use a specially crafted BMP file that produces a buffer overflow and potentially allows him to execute arbitrary code by performing a "client side" attack.
Comments
It appears the 'official' fix from Embarcadero will be included in XE7.
Issue QC126004 appears 11th from the bottom of the fix list. Embarcadero indicated this will be the only fix released (no retroactive patches for versions < XE7)
http://edn.embarcadero.com/article/44049
BMP Buffer Overflow hotfix - Delphi, C++Builder, RAD Studio XE6
http://cc.embarcadero.com/item/29913
Apparently, a DIB Palette can't have more than 256 colors - and this is the source of the overflow:
[a direct memory copy beyond the allowable Palette size]
See here on how to fix Delphi versions < XE6
http://support.embarcadero.com/article/44015
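The comment above pins the cause down: a DIB colour table holds at most 256 entries, but the copy length was taken from the file. The C loader below is an added illustration of the bound a fixed loader needs (it is not VCL code, not Embarcadero's hotfix and not LMD's); the header offsets are those of the standard BITMAPINFOHEADER, the function names are my own, and the inputs are constructed in memory rather than read from real files.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BMP_FILE_HDR 14
#define BMP_INFO_HDR 40
#define MAX_PALETTE  256   /* a DIB colour table never exceeds 256 entries */
typedef struct { uint8_t b, g, r, reserved; } RGBQUAD;
static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> 8 * i); }

/* Copy a BMP colour table into a fixed 256-entry buffer; returns entries copied
 * or -1 if rejected. Bounding biClrUsed is the check whose absence lets a
 * file-controlled count drive memcpy past the end of `out`. */
int load_bmp_palette(const uint8_t *buf, size_t len, RGBQUAD out[MAX_PALETTE]) {
    if (len < BMP_FILE_HDR + BMP_INFO_HDR || buf[0] != 'B' || buf[1] != 'M') return -1;
    const uint8_t *ih = buf + BMP_FILE_HDR;
    uint32_t info_size = rd32(ih);                         /* biSize */
    uint16_t bpp       = (uint16_t)(ih[14] | ih[15] << 8); /* biBitCount */
    uint32_t clr_used  = rd32(ih + 32);                    /* biClrUsed (0 = all 2^bpp) */
    if (info_size < BMP_INFO_HDR || info_size > len || bpp == 0 || bpp > 8) return -1; /* indexed only */
    uint32_t max_entries = 1u << bpp;
    uint32_t entries = clr_used ? clr_used : max_entries;
    if (entries > max_entries || entries > MAX_PALETTE) return -1;  /* the bound the fix adds */
    size_t pal_off = BMP_FILE_HDR + info_size;
    if (pal_off > len || (size_t)entries * sizeof(RGBQUAD) > len - pal_off) return -1;
    memcpy(out, buf + pal_off, (size_t)entries * sizeof(RGBQUAD));
    return (int)entries;
}

/* Run the loader on a constructed input (not a real file): a minimal header with
 * caller-chosen biBitCount/biClrUsed followed by pal_bytes bytes of colour data. */
int palette_entries_for(uint16_t bpp, uint32_t clr_used, size_t pal_bytes) {
    uint8_t file[BMP_FILE_HDR + BMP_INFO_HDR + 2048] = {0};
    RGBQUAD pal[MAX_PALETTE];
    if (pal_bytes > 2048) return -2;
    file[0] = 'B'; file[1] = 'M';
    uint8_t *ih = file + BMP_FILE_HDR;
    wr32(ih, BMP_INFO_HDR); wr32(ih + 4, 4); wr32(ih + 8, 4); ih[12] = 1;  /* biSize, 4x4 px, planes */
    ih[14] = (uint8_t)bpp; ih[15] = (uint8_t)(bpp >> 8); wr32(ih + 32, clr_used);
    for (size_t i = 0; i < pal_bytes; i++) ih[BMP_INFO_HDR + i] = (uint8_t)i;
    return load_bmp_palette(file, BMP_FILE_HDR + BMP_INFO_HDR + pal_bytes, pal);
}

int main(void) {
    printf("8 bpp, biClrUsed=16  -> %d\n", palette_entries_for(8, 16, 1024));  /* 16 */
    printf("8 bpp, biClrUsed=300 -> %d\n", palette_entries_for(8, 300, 2048)); /* -1: > 256 */
    printf("4 bpp, biClrUsed=32  -> %d\n", palette_entries_for(4, 32, 1024));  /* -1: > 2^4 */
    return 0;
}
```

The second check (palette data must lie inside the file) is the companion bound a loader also needs, since a short file with a large biClrUsed would otherwise read past the input buffer.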