Monday, June 24, 2013

PEiD Memory Corruption Vulnerability

PEiD is an intuitive application that relies on its user-friendly interface to detect packers, cryptors and compilers found in PE executable files. This portable tool is very popular among malware researchers for detection of packers / cryptors.



A memory corruption issue can be triggered by feeding a specially crafted Windows Portable Executable file into PEiD v 0.95.Exploitation of this issue requires the user to explicitly open a specially crafted EXE file. So the PEiD user should refrain from opening files from un-trusted third parties or accessing un-trusted remote sites.

Affected Version of PEiD is 0.95. This software is not under active development. Last stable version released on November 6th, 2008. So its still Unpatched.

Advisory:

http://www.securityfocus.com/bid/60730/info

Analysis of this Vulnerability: