Executive Summary

Summary
Title Embarcadero Delphi and C++Builder VCL BMP file processing buffer overflow
Information
Name               VU#646748   First vendor Publication   2014-09-11
Vendor             VU-CERT     Last vendor Modification   2014-09-11
Severity (Vendor)  N/A         Revision                   M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitability Sub Score NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Exploit Score 8.6 Authentication None Required

Detail

Vulnerability Note VU#646748

Embarcadero Delphi and C++Builder VCL BMP file processing buffer overflow

Original Release date: 11 Sep 2014 | Last revised: 11 Sep 2014

Overview

Embarcadero Delphi and C++ Builder Visual Component Library (VCL) bitmap (BMP) file processing code contains a buffer overflow that could allow an attacker to execute arbitrary code.

Description

Embarcadero Delphi and C++ Builder tools contain a buffer overflow (CWE-119) in VCL BMP file processing code (Vcl.Graphics.TPicture.Bitmap). Core Security Technologies advisory CORE-2014-0004 provides further details, including more specific information about vulnerable development tools. Any application built with a vulnerable VCL version is likely to be vulnerable as well.

Impact

An attacker who can cause a vulnerable application to process a specially crafted BMP file could execute arbitrary code. Whether or not the attacker is remote or authenticated depends on the interfaces and behavior of the vulnerable application.

Solution

Update

Embarcadero has released a hotfix for XE6-series tools and provided documentation for older tools on how to modify VCL source code.

Rebuild applications

After updating using the hotfix or manually editing the VCL source code, rebuild applications using the updated VCL code.

Vendor Information

Vendor                     Status     Date Notified   Date Updated
Embarcadero Technologies   Affected   09 Jul 2014     11 Sep 2014

CVSS Metrics

Group           Score   Vector
Base            7.5     AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal        6.8     E:POC/RL:ND/RC:C
Environmental   5.1     CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • http://www.coresecurity.com/advisories/delphi-and-c-builder-vcl-library-buffer-overflow
  • http://docwiki.embarcadero.com/Libraries/XE6/en/Vcl.Graphics.TPicture.Bitmap
  • http://qc.embarcadero.com/wc/qcmain.aspx?d=126004
  • http://support.embarcadero.com/article/44015
  • http://cwe.mitre.org/data/definitions/119.html

Credit

Thanks to Marcos Accossatto and Joaquín Rodríguez Varela from Core Security Technologies and Mike Devery from Embarcadero.

This document was written by Art Manion.

Other Information

  • CVE IDs: CVE-2014-0993
  • Date Public: 20 Aug 2014
  • Date First Published: 11 Sep 2014
  • Date Last Updated: 11 Sep 2014
  • Document Revision: 23

Original Source

Url : http://www.kb.cert.org/vuls/id/646748

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type          Description   Count
Application                 1
Application                 1

Alert History

Date Information
2014-09-15 21:30:47
  • Multiple Updates
2014-09-12 00:22:14
  • Multiple Updates
2014-09-11 21:23:12
  • First insertion