Showing results for 
Search instead for 
Did you mean: 
Community Leader

Graphic Library Flaw Exposes Apps Created With Delphi, C++ Builder

By Eduard Kovacs on August 20, 2014

Researchers at Core Security say they have identified a security vulnerability in the Visual Component Library (VLC) that affects apps developed with Delphi and C++ Builder.

In an advisory released today, the security firm revealed that an attacker is able to trigger a buffer overflow and possibly execute arbitrary code with the aid of malformed BMP files processed through affected programs. By exploiting this security hole, an attacker could execute code with the permissions of the user running the vulnerable application.

The vulnerability, discovered as part of Core Security's internal research efforts, impacts software developed with Embarcadero C++Builder XE6 version 20.0.15596.9843, Embarcadero Delphi XE6 version 20.0.15596.9843, and possibly other 32bit and 64 bit versions. The VCL is a component-based object-oriented framework that's utilized for developing the user interface of Windows applications, and it is integrated by default in these development environments.


Community Leader