← Advisories

Deimos Kasa <= 2.58 (table) Local Integer Overflow Vulnerability

Medium

Advisory ID

ZSL-2010-4929

Release Date

03 March 2010

Vendor

Planet Interactive DOO - http://www.planet.com.mk

Affected Version

2.22.0.0, 2.49.0.0, 2.55.0.0 and 2.58.0.0

CVE

N/A

Tested On

Microsoft Windows XP Professional SP2 (English)

Summary

Deimos Kasa is a Windows restaurant management software.

Description

Deimos Kasa is prone to an integer overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input in the table field. Successfully exploiting these issues may allow local attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

Proof of Concept

deimos_iof.txtTXT

Disclosure Timeline

N/A

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]http://packetstormsecurity.org/filedesc/ZSL-2010-4929.txt.html

[2]http://securityreason.com/wlb_show/WLB-2010030021

Changelog

03.03.2010Initial release

07.03.2010Added reference [1]

11.03.2010Added reference [2]