Wednesday, September 2, 2009

Secunia PSI (RC3) - memory corruption

Secunia PSI (Release Candidate 3) appears vulnerable to some memory corruption conditions.
This kind of issues are usually detected in release candidate. This kind of bugs, IMHO, may be used for support analysis based on binary diff using the historical releases of an application for obtain a delta of "critical" zone. But, again, it's only my opinion.

Anyway the following screen shots shown the JIT debugger (IDA Pro) behavior:

The first return point within the PSI process context



The second return point in the PSI.exe context



The third...



The fourth...



The fifth... I am able to count untill five :)



The dialog box about it:



Feedback are welcome.

UPDATE: the vendor report this issue as a bug releated to a deprecated PSI release.