[ICS] Digital Canal Structural Wind Analysis Stack Buffer Overflow
ICS-CERT published an advisory on one of my reports this week:
Vendor: Digital Canal Structural
Equipment: Wind Analysis
Vulnerability: Stack-Based Buffer Overflow
The following versions of Wind Analysis, a structural engineering software platform, are affected:
Wind Analysis versions 9.1 and prior.
Successful exploitation of this vulnerability could cause the device that the attacker is accessing to become unavailable, resulting in a denial of service.
Digital Canal Structural recommends that users upgrade to the latest version of the software, which can be obtained from the following location:
An attacker may be able to run arbitrary code by remotely exploiting an executable to perform a denial-of-service attack.
Note: This is a local exploit, not remote.
"A"*576 + "B"*4 + "C"*420
Screenshots -> EIP overwrite