
CVE-2014-0993 PoC — Embarcadero Delphi XE6 and C++ Builder XE6 Visual Component Library buffer overflow vulnerability

Associated Vulnerability
Title: Embarcadero Delphi XE6 and C++ Builder XE6 Visual Component Library buffer overflow vulnerability (CVE-2014-0993)
Description: The Embarcadero Visual Component Library (VCL) is an application framework for Object Pascal Windows programming from the US company Embarcadero, and the base class library for Delphi, C++Builder and related languages. A buffer overflow vulnerability exists in the Vcl.Graphics.TPicture.Bitmap implementation in the VCL of Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843. A remote attacker
Description
This is a workaround for CVE-2014-0993 and CVE-2014-0994 that patches the vulnerable code in memory, without the need to recompile your vulnerable software. This is not the official Embarcadero fix; it is only CORE Security's workaround.
Readme
## What is Embarcadero Workaround?
  This is an unofficial "patch" for the "Embarcadero VCL Library Stack/Heap Overflow" (CVE-2014-0993 and CVE-2014-0994).

## Which software versions does this workaround support?
  32-bit software compiled with Delphi or C++ Builder that includes the VCL library, as long as the library is statically linked into the main executable (programs that load the VCL from runtime packages are therefore outside its scope).

## Is it necessary to install this workaround to use it?
  No installation is needed.

## What does this workaround contain?
  It contains two tools:
   - "Embarcadero-Workaround.exe"
   - "Embarcadero-Protector.exe"

## What do you need to execute this workaround?
  For "Embarcadero-Workaround.exe", a double click is enough to protect your vulnerable programs.
  The patch lives only in process memory, so if you want the workaround to persist across reboots, add the tool to the "Windows -> Startup" menu.
  For "Embarcadero-Protector.exe", you need to pass the process ID of the process to be protected as a parameter. This is recommended only for experienced users.

## How does this workaround work?
  "Embarcadero-Workaround.exe" searches the memory of every running process on the system for a specific byte pattern.
  "Embarcadero-Protector.exe" searches only the memory of the target process for that pattern.

If the pattern is found, an "IF" (a guard check) is injected into the address space of the vulnerable process.
Once a process is protected, opening a crafted BITMAP file produces a WARNING on the screen and the process is terminated instead of executing the overflow.
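As an added illustration (not code from the Core Security tools described on this page), the two pieces the description above implies: a masked byte-pattern search of the kind a memory hot-fix uses to locate the code it wants to guard, and a bitmap header check of the kind an injected guard could run before the file reaches the vulnerable code. The pattern bytes, the sample bitmaps, the struct and function names, and the choice to check the colour-table size (biClrUsed) are assumptions of this example; the README does not say which pattern the tools search for or which field the injected IF tests.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Part 1: masked byte-pattern search. Bytes are compared where mask[i] == 'x'
 * and skipped where mask[i] == '?'. Returns the offset of the first match,
 * or -1 when there is none. */
long find_pattern(const uint8_t *hay, size_t hay_len,
                  const uint8_t *pat, const char *mask)
{
    size_t pat_len = strlen(mask);
    if (pat_len == 0 || hay_len < pat_len)
        return -1;
    for (size_t i = 0; i + pat_len <= hay_len; i++) {
        size_t j = 0;
        while (j < pat_len && (mask[j] != 'x' || hay[i + j] == pat[j]))
            j++;
        if (j == pat_len)
            return (long)i;
    }
    return -1;
}

/* Part 2: a guard check. ASSUMPTION: the README does not say which header
 * field the injected "IF" tests; this example validates the colour table
 * size (biClrUsed) against the bit depth and against the file bounds. */
#pragma pack(push, 1)
typedef struct {
    uint16_t bfType;                      /* 'BM' */
    uint32_t bfSize;
    uint16_t bfReserved1, bfReserved2;
    uint32_t bfOffBits;                   /* offset of the pixel data */
} bmp_file_header;
typedef struct {
    uint32_t biSize;                      /* 40 for BITMAPINFOHEADER */
    int32_t  biWidth, biHeight;
    uint16_t biPlanes, biBitCount;
    uint32_t biCompression, biSizeImage;
    int32_t  biXPelsPerMeter, biYPelsPerMeter;
    uint32_t biClrUsed, biClrImportant;   /* biClrUsed: colour table entries */
} bmp_info_header;
#pragma pack(pop)

/* Returns 1 if the colour table the headers describe is plausible, else 0. */
int bmp_colour_table_is_sane(const uint8_t *buf, size_t len)
{
    bmp_file_header fh;
    bmp_info_header ih;
    if (len < sizeof fh + sizeof ih)
        return 0;
    memcpy(&fh, buf, sizeof fh);
    memcpy(&ih, buf + sizeof fh, sizeof ih);
    if (fh.bfType != 0x4D42 || ih.biSize < sizeof ih || ih.biBitCount == 0)
        return 0;
    /* <= 8 bpp: at most 2^bpp entries; deeper images may carry an
     * optimisation palette, which Windows caps at 256 entries. */
    uint32_t max_entries = (ih.biBitCount <= 8) ? (1u << ih.biBitCount) : 256u;
    if (ih.biClrUsed > max_entries)
        return 0;
    /* The table must end inside the file and before the pixel data. */
    uint64_t table_end = (uint64_t)sizeof fh + ih.biSize + (uint64_t)ih.biClrUsed * 4;
    if (table_end > len || (fh.bfOffBits != 0 && table_end > fh.bfOffBits))
        return 0;
    return 1;
}

/* Constructed sample (not a real exploit file): a 1x1 8-bpp BMP with room for
 * a 256-entry table; clr_used is written into biClrUsed unchanged, so the same
 * builder yields a sane file (256) or a crafted one (e.g. 0x10000). */
#define SAMPLE_LEN (14 + 40 + 256 * 4 + 4)

size_t build_sample_bmp(uint8_t *out, uint32_t clr_used)
{
    bmp_file_header fh = { 0x4D42, SAMPLE_LEN, 0, 0, 14 + 40 + 256 * 4 };
    bmp_info_header ih = { 40, 1, 1, 1, 8, 0, 4, 2835, 2835, clr_used, 0 };
    memset(out, 0, SAMPLE_LEN);
    memcpy(out, &fh, sizeof fh);
    memcpy(out + sizeof fh, &ih, sizeof ih);
    return SAMPLE_LEN;
}

/* Build a sample with the given biClrUsed and run the guard on it. */
int guard_sample(uint32_t clr_used)
{
    uint8_t file[SAMPLE_LEN];
    size_t n = build_sample_bmp(file, clr_used);
    return bmp_colour_table_is_sane(file, n);
}

int main(void)
{
    /* Made-up x86 bytes: push ebp; mov ebp,esp; add esp,imm8; push ebx */
    static const uint8_t code[] = { 0x55, 0x8B, 0xEC, 0x83, 0xC4, 0xF0, 0x53 };
    static const uint8_t pat[]  = { 0x83, 0xC4, 0x00 };   /* imm8 wildcarded */
    printf("pattern offset: %ld\n", find_pattern(code, sizeof code, pat, "xx?"));
    printf("sane bitmap accepted: %d\n", guard_sample(256));
    printf("crafted bitmap accepted: %d\n", guard_sample(0x10000));
    return 0;
}
```

In the real tool the guard is reached by patching a jump into the located code rather than by calling a function, and a failed check ends the process with a warning rather than returning 0; the check itself is the part a practitioner would want to understand.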

## What does this workaround prevent?
  This workaround prevents your computer from being compromised by exploits or malware that use the "Embarcadero VCL Library Stack/Heap Overflow" (CVE-2014-0993 and CVE-2014-0994) as their attack vector.

## Licensing
  Embarcadero Workaround is released under the FreeBSD license.
File Snapshot

[4.0K] /data/pocs/c095f8fa12f2951e1662bfa52f5f9af484f7aa22
├── [4.0K] binaries
│   ├── [ 60K] Embarcadero-Protector.exe
│   └── [ 60K] Embarcadero-Workaround.exe
├── [ 346] INSTALL.txt
├── [1.3K] LICENSE.txt
├── [1.7K] README.md
└── [4.0K] src
    ├── [ 13K] Embarcadero-HotFix.c
    ├── [1.1K] Embarcadero-Protector.c
    ├── [8.9K] Embarcadero-Workaround.cpp
    ├── [ 16K] list.cpp
    └── [ 294] make.bat

2 directories, 10 files