Vigil@nce: file, memory corruption via MSI
May 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can create a malicious MSI file that corrupts the
memory of the "file" utility.
Severity: 2/4
Consequences: user access/rights
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: unique source (2/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 28/04/2009
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The "file" utility analyzes a file and displays its type. For
example:
filename: ASCII English text
filename: Bourne shell script text executable
MSI files are used to install applications under Windows.
The cdf_read_sat() function of the cdf.c file of "file" analyzes
MSI files. However, this function does not correctly validate MSI
files, so a malformed file corrupts the memory of the utility.
An attacker can therefore create a malicious MSI file and invite
the victim to run the "file" utility on it, in order to execute
code on the victim's computer.
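The advisory does not say which check cdf_read_sat() omits. As an added example (not code from the "file" project or from this advisory), the following shows the kind of header validation a CDF parser needs before it sizes or reads a sector allocation table (SAT) from an untrusted MSI file. The function names, the enum and the standard CDF header offsets used (sector shift at 30, SAT sector count at 44, master SAT slots at 76) are assumptions not taken from the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum cdf_check { CDF_OK, CDF_TOO_SHORT, CDF_BAD_MAGIC, CDF_BAD_SHIFT,
                 CDF_BAD_SAT_COUNT, CDF_BAD_SECTOR_ID };

static const uint8_t CDF_MAGIC[8] = {0xD0,0xCF,0x11,0xE0,0xA1,0xB1,0x1A,0xE1};

/* Little-endian accessors for an untrusted byte buffer. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Hypothetical helper (not from file's cdf.c): check the 512-byte CDF header
 * against the real buffer length before any SAT is allocated or read. */
enum cdf_check cdf_header_check(const uint8_t *buf, size_t len) {
    if (len < 512) return CDF_TOO_SHORT;
    if (memcmp(buf, CDF_MAGIC, 8) != 0) return CDF_BAD_MAGIC;
    unsigned shift = buf[30] | (unsigned)buf[31] << 8;  /* sector size = 1 << shift */
    if (shift != 9 && shift != 12) return CDF_BAD_SHIFT;
    size_t nsec = len >> shift;          /* whole sectors in the buffer... */
    if (nsec) nsec--;                    /* ...minus the one holding the header */
    uint32_t nsat = rd32(buf + 44);      /* declared number of SAT sectors */
    if (nsat == 0 || nsat > nsec) return CDF_BAD_SAT_COUNT;
    for (size_t i = 0; i < 109; i++) {   /* master SAT slots in the header */
        uint32_t sid = rd32(buf + 76 + 4 * i);
        if (sid != 0xFFFFFFFFu && sid >= nsec) return CDF_BAD_SECTOR_ID;
    }
    return CDF_OK;
}

/* Constructed sample: 512-byte header plus two empty 512-byte sectors. */
enum cdf_check check_sample(uint32_t nsat, uint32_t first_sat_sid) {
    uint8_t buf[512 * 3] = {0};
    memcpy(buf, CDF_MAGIC, 8);
    buf[30] = 9;                         /* 512-byte sectors */
    wr32(buf + 44, nsat);
    memset(buf + 76, 0xFF, 109 * 4);     /* all master SAT slots free */
    wr32(buf + 76, first_sat_sid);
    return cdf_header_check(buf, sizeof buf);
}

int main(void) { return check_sample(1, 0) == CDF_OK ? 0 : 1; }
```

Every count and sector id is compared with the number of sectors actually present, so a header that declares more SAT sectors than the file holds is rejected before it can drive an allocation or a read.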
CHARACTERISTICS
Identifiers: 525820, BID-34745, VIGILANCE-VUL-8674
http://vigilance.fr/vulnerability/file-memory-corruption-via-MSI-8674