FlashFXP Software Client – Buffer Overflow Vulnerability
The vulnerability laboratory researcher Benjamin Kunz Mejri discovered a new issue on the famous FLashFXP Software Client by OpenSight Software. The vulnerability is located when processing to force a ListIndex Out of Bound(s) exception which allows to overwrite ecx & eip of the affected software process. Successful exploitation can result in process compromise, execution of arbitrary code, system compromise or escaltions with privileges of affected vulnerable software process.
The flaw is a direct result of a fixed length buffer being used in the TListBox control and the lack of range checking. The code assumes that the string returned by the listbox control will be less than 4097 characters.
Facebook Security - 12.500$ Bug Bounty reward to Security Researcher
Bug Bounty Program Award Winners 2014 - Exclusive Interview by Microsoft & PayPal
Shopify | Buy Button | Persistent Embed POST Inject Vulnerability
Whitehat Hacker discovered details of an application-side Facebook Studio Dashboard Vulnerability