Buffer Overflow Vulnerability in Embarcadero Delphi and C++ Builder
CVE-2014-0993

Currently unrated

Key Information:

Vendor: Embarcadero
Status: Embarcadero Delphi Xe6; Embarcadero C\+\+builder Xe6
Vendor: CVE Published:; 15 September 2014

🔔 Create Embarcadero Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2014-0993?

A buffer overflow vulnerability exists in the Bitmap handling implementation within the Visual Component Library (VCL) of Embarcadero's Delphi XE6 and C++ Builder. This flaw can be exploited by remote attackers through specially crafted BMP files, allowing for the execution of arbitrary code on the affected systems. Proper validation and handling of image input are crucial to mitigate risks associated with this vulnerability.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Embarcadero-Workaround
Created by helpsystems

References

http://www.kb.cert.org/vuls/id/646748

third-party-advisoryx_refsource_CERT-VN

http://www.coresecurity.com/advisories/delphi-and-c-build...

x_refsource_MISC

http://support.embarcadero.com/article/44015

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Sep 22, 2014
👾
Exploit known to exist
Sep 22, 2014
Vulnerability published
Sep 15, 2014
Vulnerability Reserved
Jan 7, 2014

JSON