#######################################################################

                             Luigi Auriemma

Application:  ProWizard
              http://asle.free.fr/prowiz/
Versions:     <= 1.62
Platforms:    Windows, *nix and Amiga
Bug:          various buffer-overflow vulnerabilities
Exploitation: local
Date:         19 Dec 2007
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

ProWizard (prowiz) is an easy-to-use music ripper for various old packed
MOD formats. It is mainly a stand-alone program, but it is also built
into WinUAE for real-time ripping of music while emulated programs run,
and parts of it are used in other software such as Extended Module
Player (xmp).

#######################################################################

======
2) Bug
======

Some of the rippers implemented in prowiz are affected by buffer-overflow
vulnerabilities. They are usually caused by arrays of 128 elements being
indexed by a value read from the file whose maximum supported value is
255, or by sample arrays of 31 elements where the format allows 255 or
more samples. In both cases the index is taken from attacker-controlled
module data and used without a bounds check.

#######################################################################

===========
3) The Code
===========

http://aluigi.org/poc/prowizbof.zip

Note: this basic proof-of-concept tests only 4 of the various rippers
affected by the problems.

#######################################################################

======
4) Fix
======

The problems will be corrected in the next version.

#######################################################################
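The following is an added illustration of the bug class described in section 2; it is not ProWizard's code and does not reproduce any specific ripper. A toy "ripper" keeps a 128-entry pattern table and a 31-entry sample table, the sizes the advisory names, while the constructed input bytes can carry index values up to 255. The vulnerable shape trusts the byte as an index; the checked version rejects anything that does not fit the table before touching it. The table sizes, function names and input arrays are all assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical table sizes, chosen to match the sizes named in the
 * advisory (128-entry pattern arrays, 31-entry sample arrays). */
#define PATTERN_TABLE_SIZE 128
#define SAMPLE_TABLE_SIZE  31

/* Constructed inputs (not from any real module file). A pattern order list
 * is a sequence of bytes, each naming a pattern number; a note stream
 * carries 1-based sample numbers where 0 means "no sample". */
static const uint8_t ORDER_OK[]   = { 0, 1, 2, 1, 5 };      /* all < 128 */
static const uint8_t ORDER_BAD[]  = { 0, 1, 200 };          /* 200 > 127 */
static const uint8_t SAMPLES_OK[] = { 0, 1, 31 };           /* 31 is the last valid */
static const uint8_t SAMPLES_BAD[]= { 0, 1, 32 };           /* one past the table */

static uint8_t g_pattern_table[PATTERN_TABLE_SIZE];

/* Vulnerable shape: a byte from the file is used directly as an index.
 * With order[i] == 255 this writes 127 bytes past the end of table. */
static void mark_patterns_vulnerable(uint8_t table[PATTERN_TABLE_SIZE],
                                     const uint8_t *order, size_t n)
{
    for (size_t i = 0; i < n; i++)
        table[order[i]] = 1;
}

/* Hardened shape: validate every index against the real table size.
 * Returns the number of distinct patterns referenced, or -1 if any
 * reference does not fit the table (nothing is written in that case). */
static int mark_patterns_checked(uint8_t table[PATTERN_TABLE_SIZE],
                                 const uint8_t *order, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (order[i] >= PATTERN_TABLE_SIZE)
            return -1;

    memset(table, 0, PATTERN_TABLE_SIZE);
    for (size_t i = 0; i < n; i++)
        table[order[i]] = 1;

    int count = 0;
    for (size_t i = 0; i < PATTERN_TABLE_SIZE; i++)
        count += table[i];
    return count;
}

/* Same check for sample references: sample numbers are 1-based, so the
 * valid range for a table of SAMPLE_TABLE_SIZE entries is 1..SAMPLE_TABLE_SIZE,
 * with 0 meaning "no sample". Returns 0 if all references fit, -1 otherwise. */
static int check_sample_refs(const uint8_t *sample_nums, size_t n, size_t table_entries)
{
    for (size_t i = 0; i < n; i++)
        if (sample_nums[i] != 0 && sample_nums[i] > table_entries)
            return -1;
    return 0;
}

int main(void)
{
    /* In-range data is harmless even for the unchecked version. */
    mark_patterns_vulnerable(g_pattern_table, ORDER_OK, sizeof ORDER_OK);

    printf("checked, good order: %d patterns\n",
           mark_patterns_checked(g_pattern_table, ORDER_OK, sizeof ORDER_OK));
    printf("checked, bad order:  %d (rejected)\n",
           mark_patterns_checked(g_pattern_table, ORDER_BAD, sizeof ORDER_BAD));
    printf("samples ok:  %d\n", check_sample_refs(SAMPLES_OK,  sizeof SAMPLES_OK,  SAMPLE_TABLE_SIZE));
    printf("samples bad: %d\n", check_sample_refs(SAMPLES_BAD, sizeof SAMPLES_BAD, SAMPLE_TABLE_SIZE));
    return 0;
}
```

The fix that matters is the rejection before any write: a parser that validates each index against the size of the array it actually has, rather than against what the on-disk format can express, cannot be pushed past the end of a 128- or 31-entry table by a crafted module.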