VisiWave VWR File Parsing Vulnerability

Rocco Calvi

May 20, 2011

CVE: CVE-2011-2386
Affected Vendor: VisiWave
Affected Product: VisiWave Site Survey
Exploit Type: Metasploit Module
Metasploit Module: exploit/windows/fileformat/visiwave_vwr_type

Description

A vulnerability in VisiWave Site Survey Report where VisiWaveReport.exe attempts to match a valid pointer based on the ‘Type’ property but fails to properly validate when no match is found, returning the input as a pointer for later use in a CALL instruction. This enables arbitrary code execution and bypasses ASLR and DEP protections.

References

Rapid7 Module