IRAI AUTOMGEN Buffer Overflow Vulnerability
October 10, 2011
Luigi Auriemma publically disclosed a vulnerability in the
IRAI AUTOMGEN application making it prone to multiple remote
code-execution vulnerabilities because it fails to properly
validate user-supplied input.
The vulnerability is caused due to a use-after-free error
when processing Project files and can be exploited to
reference freed memory as a function pointer via a specially
crafted ".agn" file.
Attackers can exploit these issues to execute arbitrary code
in the context of the user running the affected application.
Failed exploits can trigger a denial-of-service condition.
AUTOMGEN 8.0.0.7 is vulnerable; other versions may also be
affected.