← Advisories

Oreans Themida v2.1.8.0 TMD File Handling Buffer Overflow Vulnerability

High
Advisory ID
ZSL-2012-5079
Release Date
20 March 2012
Vendor
Oreans Technologies - http://www.oreans.com
Affected Version
2.1.8.0 (32/64bit)
CVE
CVE-2012-4865
Tested On
Microsoft Windows XP Professional SP3 (EN) (32bit), Microsoft Windows 7 Ultimate SP1 (EN) (64bit)
Summary

Advanced Windows software protection system, developed for software developers who wish to protect their applications against advanced reverse engineering and software cracking.

Description

The vulnerability is caused due to a boundary error in the processing of a project file, which can be exploited to cause a buffer overflow when a user opens e.g. a specially crafted .TMD file. Successful exploitation may allow execution of arbitrary code.

Proof of Concept
themida_bof.cTXT
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]http://packetstormsecurity.org/files/111031
[2]http://cxsecurity.com/issue/WLB-2012030184
[3]http://www.exploit-db.com/exploits/18636/
[4]http://1337day.com/exploits/17790
[5]http://www.securityfocus.com/bid/52649
[6]http://www.osvdb.org/show/osvdb/80551
[7]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4865
Changelog
20.03.2012Initial release
21.03.2012Added reference [1] and [2]
22.03.2012Added reference [3], [4] and [5]
27.03.2012Added reference [6]
18.11.2012Added reference [7]