IDA Pro QNX File Loader Denial of Service

This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.


Synopsis :

The remote host contains an application that is affected by a denial
of service vulnerability.

Description :

The version of IDA Pro, an interactive disassembler, installed on the
remote host is older than 5.7. Such versions are reportedly affected
by an integer overflow when loading QNX files.

By tricking a user into loading a specially crafted QNX file in IDA
Pro, it may be possible for the attacker to cause the loader to go
into an infinite loop, consuming 100% of the CPU and resulting in a
denial of service.

See also :

http://www.securityfocus.com/archive/1/512052/30/0/threaded
http://www.hex-rays.com/idapro/57/index.htm

Solution :

Upgrade to IDA Pro 5.7 or later.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 3.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 47828 (ida_pro_57.nasl)

Bugtraq ID: 41201

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now