Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   OllyDbg Vendors:   Yuschuk, Oleh
OllyDbg Error in Loading Processes With Long Names Lets Users Crash the Debugger
SecurityTracker Alert ID:  1013478
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 19 2005
Impact:   Denial of service via local system
Exploit Included:  Yes  
Version(s): 1.10 and prior versions
Description:   ATmaCA reported a vulnerability in OllyDbg. A user can cause OllyDbg to crash.

A user can create a specially crafted DLL filename that, when loaded as a process, will trigger the flaw and cause OllyDbg to crash. A name longer than approximately 200 bytes can trigger the flaw.

A demonstration exploit is provided:

ATmaCA discovered this vulnerability, with credit given to Kozan

Impact:   A user can cause OllyDbg to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Not specified
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  OllyDbg long process Module debug Vulnerability

Oleh Yuschuk


Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.

Affected Versions:
1.10 (final version) and prior versions.

In OllyDbg, if a target process loads modules that contains long name 
(greater than around 200 bytes), OllyDbg will be crashed.

This hole can be used for an anti-debug method for OllyDbg.

Vendor Status:
No vendor response.

Credit to Kozan

Debug this program with OllyDbg,
when the program runs, a folder that named "olly hole" will be 
created on desktop and a long named dll will be created in 
this folder.  then it will load this and finally
olly debug will be crashed.

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC