
TeraCopy 2.3 (default.mo) Language File Integer Overflow Vulnerability

Medium
Advisory ID: ZSL-2013-5155
Release Date: 18 September 2013
Vendor:
Affected Version: 2.27 and 2.3 beta 2
CVE: N/A
Tested On: Microsoft Windows Server 2008 R2 EN (64-bit), Microsoft Windows 7 Ultimate SP1 EN (32-bit)
Summary

TeraCopy is designed to copy and move files at the maximum possible speed. It skips bad files during the copying process, and then displays them at the end of the transfer so that you can see which ones need attention. TeraCopy can automatically check the copied files for errors by calculating their CRC checksum values. It also provides a lot more information about the files being copied than its Windows counterpart. TeraCopy integrates with Windows Explorer's right-click menu and can be set as the default copy handler.

Description

TeraCopy is prone to an integer overflow vulnerability because it fails to perform adequate boundary checks when reading language files. Successfully exploiting this issue may allow local attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.
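
The advisory does not state which field of the language file triggers the overflow; the C validator below is an added example (not TeraCopy's code and not part of the advisory) showing bounds checks on a language file written so that attacker-controlled counts, offsets and lengths cannot wrap. Assumptions: default.mo follows the GNU gettext MO layout, only little-endian files are accepted, the names `mo_validate`, `check_table` and `build_sample` are hypothetical, and the 48-byte sample file is constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define MO_MAGIC 0x950412deu   /* GNU gettext MO magic, little-endian files */
enum { MO_OK = 0, MO_SHORT = -1, MO_MAGIC_BAD = -2, MO_TABLE = -3, MO_STRING = -4 };

/* Read a little-endian uint32; the caller guarantees off + 4 <= len. */
static uint32_t rd32(const uint8_t *b, size_t off) {
    return (uint32_t)b[off] | (uint32_t)b[off + 1] << 8 |
           (uint32_t)b[off + 2] << 16 | (uint32_t)b[off + 3] << 24;
}

/* Check one table of n (length, offset) pairs that starts at file offset tab. */
static int check_table(const uint8_t *b, size_t len, uint32_t tab, uint32_t n) {
    /* Divide instead of computing n * 8: the product can wrap in 32 bits. */
    if (tab > len || n > (len - tab) / 8) return MO_TABLE;
    for (uint32_t i = 0; i < n; i++) {
        size_t e = (size_t)tab + (size_t)i * 8;
        uint32_t slen = rd32(b, e), soff = rd32(b, e + 4);
        /* Subtraction form: soff + slen + 1 can wrap, len - soff cannot. */
        if (soff >= len || slen >= len - soff) return MO_STRING;
        if (b[(size_t)soff + slen] != 0) return MO_STRING; /* NUL terminator */
    }
    return MO_OK;
}

/* Validate the header and both string tables before any string is used. */
int mo_validate(const uint8_t *b, size_t len) {
    if (b == NULL || len < 28) return MO_SHORT;       /* 7 header words */
    if (rd32(b, 0) != MO_MAGIC) return MO_MAGIC_BAD;
    uint32_t n = rd32(b, 8);                          /* number of strings */
    int rc = check_table(b, len, rd32(b, 12), n);     /* original strings */
    return rc != MO_OK ? rc : check_table(b, len, rd32(b, 16), n);
}

/* Constructed 48-byte sample: one "a" -> "b" pair; n and len0 are tunable. */
static void build_sample(uint8_t f[48], uint32_t n, uint32_t len0) {
    const uint32_t h[11] = {MO_MAGIC, 0, n, 28, 36, 0, 0, len0, 44, 1, 46};
    for (int i = 0; i < 44; i++) f[i] = (uint8_t)(h[i / 4] >> (8 * (i % 4)));
    f[44] = 'a'; f[45] = 0; f[46] = 'b'; f[47] = 0;
}

int main(void) {
    uint8_t f[48];
    build_sample(f, 1, 1);           printf("valid: %d\n", mo_validate(f, 48));
    build_sample(f, 0x20000001u, 1); printf("huge count: %d\n", mo_validate(f, 48));
    build_sample(f, 1, 0xffffffffu); printf("huge length: %d\n", mo_validate(f, 48));
}
```

The count 0x20000001 is chosen because multiplying it by the 8-byte entry size wraps to 8 in 32-bit arithmetic, which is the kind of value a multiplication-based check would accept.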

Proof of Concept
Disclosure Timeline
13.09.2013 Vulnerability discovered.
15.09.2013 Contact with the vendor.
17.09.2013 No reply from the vendor.
18.09.2013 Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
High five to Acka and the DV8 team
References
Changelog
18.09.2013 Initial release
19.09.2013 Added reference [3], [4] and [5]
25.09.2013 Added reference [6]