Talos is releasing an advisory for multiple vulnerabilities that have been found within the Total Commander FileInfo Plugin. These vulnerabilities are local denial of service flaws and have been assigned CVE-2015-2869. In accordance with our Vendor Vulnerability Reporting and Disclosure policy, these vulnerabilities have been disclosed to the plugin author(s) and CERT. This post serves as a summary of the advisory.
Credit for these discoveries belongs to Marcin Noga of Talos.
TALOS-2015-024/CVE-2015-2869
An attacker who controls the content of a COFF Archive Library (.lib) file can can cause an out of bounds read by specifying overly large values for the 'Size' field of the Archive Member Header or the "Number Of Symbols" field in the 1st Linker Member. The second half of the vulnerability concerns an attacker who controls the content of a Linear Executable file can cause an out of bounds read by specifying overly large values for the "Resource Table Count" field of the LE Header or the "Object" field at offset 0x8 from a "Resource Table Entry". An attacker who successfully exploits this vulnerability can cause the Total Commander application to unexpectedly terminate.
These vulnerabilities has been tested against FileInfo 2.21 and FileInfo 2.22.
Product URL
http://www.totalcmd.net/plugring/fileinfo.html
Finding and disclosing zero-day vulnerabilities responsibly helps improve the overall security of the devices and software people use on a day-to-day basis. Talos is committed to this effort via developing programmatic ways to identify problems or flaws that could be otherwise exploited by malicious attackers. These developments help secure the platforms and software customers use and also help provide insight into how Cisco can improve its own processes to develop better products.
For further zero day or vulnerability reports and information visit:
http://talosintel.com/vulnerability-reports/