[Bf-committers] Fwd: BlenderPlayer and Blender 2.37 local bufferoverflow exploit

Tom M letterrip at gmail.com
Fri Sep 30 11:58:09 CEST 2005


> I bet you can hack any .exe to do evil stuff? Or not... please advise!

Well, any program that uses unsecure functions (i.e. string functions
that don't check if the input exceeds the buffer size) can
potentially be exploited with a buffer overflow; see this page for
details.

http://sunsite.uakom.sk/sunworldonline/swol-08-1998/swol-08-security.html

He isn't 'hacking the .exe'; his bit of code just runs the
blenderplayer.exe with a particular input that is formed to
demonstrate the exploit.

Anyway, if you replace the functions in the above with an equivalent
version that checks buffer size, chances are that will eliminate the
exploit (I haven't looked to be sure that that is the case though...).

LetterRip
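
The replacement described in the message above, as an added example that is not part of the original post and not Blender code: an unchecked string copy beside size-checked equivalents that reject oversized input instead of overflowing or silently truncating. The function names, the 16-byte buffer and the sample strings are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Unchecked pattern: strcpy() keeps writing past the end of dst when src
 * is longer than the buffer. Shown for contrast only; never called here. */
void load_name_unchecked(char *dst, const char *src) { strcpy(dst, src); }

/* Checked copy of a NUL-terminated src into dst (dstsz bytes).
 * Returns 0 on success, -1 if the input does not fit. */
int copy_checked(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    const char *end = memchr(src, '\0', dstsz); /* NUL within dstsz bytes? */
    if (end == NULL) {                          /* no: input too long */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);  /* copy including the NUL */
    return 0;
}

/* Checked formatting: snprintf() returns the length it needed, so a
 * result >= dstsz means the output would have been truncated. */
int format_checked(char *dst, size_t dstsz, const char *dir, const char *file)
{
    int n = snprintf(dst, dstsz, "%s/%s", dir, file);
    if (n < 0 || (size_t)n >= dstsz) {
        if (dstsz > 0) dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char name[16]; /* constructed buffer size */
    printf("%d\n", copy_checked(name, sizeof name, "scene.blend"));
    printf("%d\n", copy_checked(name, sizeof name, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"));
    printf("%d\n", format_checked(name, sizeof name, "tmp", "a.blend"));
    return 0;
}
```

Returning an error on oversized input, rather than truncating, lets the caller refuse the malformed file or argument outright.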

