Moderately critical

Resource Hacker Resources String Parsing Buffer Overflow Vulnerability

-

Release Date:  2012-05-21    Views:  1,900

Secunia Advisory SA49217

Where:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Impact:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Solution Status:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Software:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

CVE Reference(s):

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Description


Walied Assar has discovered a vulnerability in Resource Hacker, which can be exploited by malicious people to compromise a user's system


Log in with your Secunia community profile to view the full description of this Advisory. If you are an IT security professional, request a trial of the Secunia VIM.

If you are not a member of the Secunia community, you can sign up here for free.

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Resource Hacker Resources String Parsing Buffer Overflow Vulnerability

User Message
prof79 RE: Resource Hacker Resources String Parsing Buffer Overflow Vulnerability
New Member 23rd May, 2015 19:18
Score: 0
Posts: 1
User Since: 23rd May 2015
System Score: N/A
Location: AT
Last edited on 23rd May, 2015 19:18
It seems like Resource Hacker has been re-continued. I've installed 4.0.0 from http://www.angusj.com/resourcehacker/. OS properties show File Version 4.0.1.108, Product Version 3.0.0.0. Even after re-scanning, PSI 2.x still claims to see eol 3.6.0.92. Seems like the discontinuation has been hard-coded. But I can't tell if the issue has been fixed in this version.

---START---

Program Name:
Resource Hacker 3.x

Security State:
End-of-Life

Download Link:
http://www.angusj.com/resourcehacker/

Instances Found:
D:\Program Files (x86)\Tools\Resource Hacker\ResHacker.exe, version: 3.6.0.92

Last System Scan (localtime):
23. May 2015, 06:48

Operating System:
Microsoft Windows 8.1,

---END---
Was this reply relevant?
+0
-0
Maurice Joyce RE: Resource Hacker Resources String Parsing Buffer Overflow Vulnerability
Handling Contributor 24th May, 2015 01:30
Score: 11932
Posts: 9,158
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Resource Hacker 4 is not on the Secunia database - if you want them to track and report on it you need to make a programme suggestion.

If you include your email address with your submission Secunia will inform you if the file meta data is acceptable for inclusion on their database.

The EOL file is on your D drive - is that your main drive rather than C?


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0

-

You must be logged in to post a comment.