
 
Moderately critical

Resource Hacker Resources String Parsing Buffer Overflow Vulnerability


Release Date:  2012-05-21    Last Update:  2016-01-29    Views:  2,422

Secunia Advisory SA49217


Description


Walied Assar has discovered a vulnerability in Resource Hacker, which can be exploited by malicious people to compromise a user's system.



Subject: Resource Hacker Resources String Parsing Buffer Overflow Vulnerability

User Message
prof79 RE: Resource Hacker Resources String Parsing Buffer Overflow Vulnerability
Member 23rd May, 2015 19:18
Score: 0
Posts: 1
User Since: 23rd May 2015
System Score: N/A
Location: AT
Last edited on 23rd May, 2015 19:18
It seems like Resource Hacker has been re-continued. I've installed 4.0.0 from http://www.angusj.com/resourcehacker/. OS properties show File Version 4.0.1.108, Product Version 3.0.0.0. Even after re-scanning, PSI 2.x still claims to see eol 3.6.0.92. Seems like the discontinuation has been hard-coded. But I can't tell if the issue has been fixed in this version.

---START---

Program Name:
Resource Hacker 3.x

Security State:
End-of-Life

Download Link:
http://www.angusj.com/resourcehacker/

Instances Found:
D:\Program Files (x86)\Tools\Resource Hacker\ResHacker.exe, version: 3.6.0.92

Last System Scan (localtime):
23. May 2015, 06:48

Operating System:
Microsoft Windows 8.1,

---END---
Maurice Joyce RE: Resource Hacker Resources String Parsing Buffer Overflow Vulnerability
Handling Contributor 24th May, 2015 01:30
Score: 12099
Posts: 9,392
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Resource Hacker 4 is not on the Secunia database - if you want them to track and report on it you need to make a programme suggestion.

If you include your email address with your submission Secunia will inform you if the file meta data is acceptable for inclusion on their database.

The EOL file is on your D drive - is that your main drive rather than C?


--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1607 Build 14393.447
16 GB RAM
IE & Edge Only