By Eduard Kovacs on August 20, 2014 Researchers at Core Security say they have identified a security vulnerability in the Visual Component Library (VLC) that affects apps developed with Delphi and C++ Builder.
In an advisory released today, the security firm revealed that an attacker is able to trigger a buffer overflow and possibly execute arbitrary code with the aid of malformed BMP files processed through affected programs. By exploiting this security hole, an attacker could execute code with the permissions of the user running the vulnerable application.
The vulnerability, discovered as part of Core Security's internal research efforts, impacts software developed with Embarcadero C++Builder XE6 version 20.0.15596.9843, Embarcadero Delphi XE6 version 20.0.15596.9843, and possibly other 32bit and 64 bit versions. The VCL is a component-based object-oriented framework that's utilized for developing the user interface of Windows applications, and it is integrated by default in these development environments.
SecurityWeek/ full article here/http://www.securityweek.com/graphic-library-flaw-exposes-apps-created-delphi-c-builder
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.