CFF Explorer 7.9 & Secunia

Today I’ve received a Secunia report email about a buffer overflow vulnerability in the CFF Explorer. I was quite amused =). I mean, I usually get emails sent me by users about bugs in the CFF, never got an email by Secunia before.

However, it’s always good to get bug reports. The bug itself was related to a string overflow in the resource editor. I put string safe functions quite some time ago in the old kernel of the CFF, but apparently I missed one.

So, since I had already the project open to fix this bug, I also added support for .NET unoptimized metadata streams. Which is the most important new feature in this release.

This entry was posted in Update and tagged . Bookmark the permalink.

6 Responses to CFF Explorer 7.9 & Secunia

  1. It's me says:

    It seems like i found another little bug. I’ve discovered that your CFF Explorer (very good proggie) doesn’t like files with virtual sections (i.e. with zero Raw Size) – it get confused and makes mistakes when shows section names where located Export Directory RVA, Import Directory RVA and so forth. Also, it fills Raw Size with Virtual Size value (instead of keeping it zero) while rebuild file with Rebuilder.

  2. Anonymous says:

    Hello, could you please confirm which versions of Windows your programs can run on, and whether they require any frameworks/packages? Particularly the Explorer Suite and the PE Detective programs. Thanks!

  3. They should run without any dependency (apart the Signature Explorer) on any Windows system starting from Windows 2000. =)

  4. Thanks! The bug is in the todo list.

  5. Maria Chacon says:

    Hi Daniel,

    You are doing a great job!. I am a new user of CFF Explorer. I just want to ask you if this tool is just for Windows or it can be used for Linux as well. Thank you!

  6. Hey! Thanks. It can be used on Linux using Wine. But it is intended for Windows executables!

Leave a Reply

Your email address will not be published. Required fields are marked *