Netsprint Toolbar 1.1 arbitrary remote code vulnerability

["Michal Bucko" <michal.bucko () hack pl>]

Synopsis:  Netsprint Toolbar 1.1 arbitrary remote code vulnerability
Product:   Netsprint Toolbar
Version:   1.1

Author:    Michal Bucko (sapheal)


Issue:
======

Function of a prototype isChecked (char*) (in toolbar.dll) is vulnerable to 
buffer 
overrun. Arbitrary code execution might be possible.The problem occurs when 

767B49  MOV ECX,[EAX+140]        

data is being copied into the buffer of an insufficient size.



Impact:
=======

Remote arbitrary code execution.


Credits:
========

Michal Bucko (sapheal)



Disclaimer:
===========

This  document and all the information it contains are provided "as is",
for educational purposes only, without warranty  of  any  kind,  whether
express or implied.

The  authors reserve the right not to be responsible for the topicality,
correctness, completeness or quality of  the  information   provided  in
this  document.  Liability  claims regarding damage caused by the use of
any information provided, including any kind  of  information  which  is
incomplete or incorrect, will therefore be rejected.