Computech Wordlist Builder DIC File Buffer Overflow

Added: 09/26/2011
BID: 47113

Background

Computech Wordlist Builder is a simple utility that generates sorted wordlists based on contents of documents.

Problem

A stack overflow condition exists in Wordlist Builder 1.0 due the use of a fixed-length buffer used to read words from the .DIC file dictionary list. A word with more than 4k characters will corrupt the stack and may allow an attacker to execute arbitrary code on the system.

Resolution

No updates are available at this time.

References

http://net-effects.blogspot.com/2011/04/word-list-builder-buffer-overflow-write.html
http://download.cnet.com/Word-List-Builder/3000-2121_4-10398336.html

Limitations

This exploit has been tested against Computech Word List Builder 1.0 on Windows XP SP3 English (DEP OptIn).

Platforms

Windows

Back to exploit index