Flat Assembler Stack-Based Buffer Overflow Vulnerability (CVE-2017-20228)
Flat Assembler version 1.71.21 is susceptible to a stack-based buffer overflow vulnerability, allowing local attackers to achieve arbitrary code execution by providing a crafted, oversized input file.
The Flat Assembler (FASM) version 1.71.21 is vulnerable to a stack-based buffer overflow (CVE-2017-20228). This vulnerability allows a local attacker to execute arbitrary code on a vulnerable system. The attack requires the attacker to supply a specially crafted assembly file as input to FASM. By providing an input file larger than 5895 bytes, the attacker can overwrite the instruction pointer, leading to arbitrary code execution. This is achieved through return-oriented programming (ROP)…
Detection coverage 2
Detect Suspicious Flat Assembler Execution
mediumDetects execution of Flat Assembler (fasm.exe) with abnormally large input file sizes, which might indicate exploitation of CVE-2017-20228.
Detect Suspicious File Creation by Flat Assembler
lowDetects creation of executable files by Flat Assembler (fasm.exe) which might indicate exploitation of CVE-2017-20228.
Detection queries are kept inside the platform. Get full rules →