Release date:
Updated on:
Affected Systems:
Heaventools Software PE Explorer 1.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53618
PE Explorer is a visual Chinese integration tool that allows you to directly browse and modify software resources, including menus, dialogs, and string tables. In addition, it also supports decompilation of W32DASM software.
PE Explorer 1.99 R6 has an error in parsing the strings in the resources of the PE file. You can use a special resource string to cause heap buffer overflow and arbitrary code execution, successful exploitation must trick users into processing malicious users.
<* Source: waliedassar
Link: http://secunia.com/advisories/49239/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Heaventools Software
--------------------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.heaventools.com/overview.htm