NOTE: As I found out a few days ago, this bug was found a few months ago, not by me :) Anyway, I decided to describe the more technical stuff, so have phun.

OllyDbg Format String Buffer Overflow
by Piotr Bania
http://pb.specialised.info

Severity: High / Medium - code execution.
Version affected: Probably all versions, tested on v1.10.

I. BACKGROUND

"OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable."

II. DESCRIPTION

The vulnerability is triggered when a specially crafted message is sent to the debugger while a file is being debugged (a so-called output debug string exception/event: the string a debuggee passes to OutputDebugString is delivered to the debugger as an OUTPUT_DEBUG_STRING_EVENT). Here is the vulnerable code:

.text:0042E124 push    ebx             ; arglist
.text:0042E125 mov     eax, [ebp+format]
.text:0042E128 push    eax             ; format
.text:0042E129 lea     edx, [ebp+buffer]
.text:0042E12F push    edx             ; buffer
.text:0042E130 call    _vsprintf

The debuggee's string is used as the "format" argument of _vsprintf instead of being passed as a %s argument. An attacker can therefore place format directives in that string and make _vsprintf read from the stack (%x, %s) or write to memory (%n) at locations of the attacker's choosing. Since _vsprintf does not bound its output, a long expansion also overflows the stack buffer at [ebp+buffer].

III. IMPACT

After successful exploitation this vulnerability allows the attacker to run arbitrary code in the context of the current user, i.e. the analyst who loads the malicious binary into the debugger. If exploitation fails, OllyDbg faults and all debugging state is lost.

IV. POC CODE

POC code was released for this issue.
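The bug pattern in section II, as an added example that is not part of Bania's advisory and not OllyDbg's code: the vulnerable shape (debuggee string used as the vsprintf format, unbounded destination) next to the hardened shape (string passed only as a %s argument with a bounded write), plus a small pre-check that flags debuggee strings carrying conversion directives, which is what a debugger or debug-event logger should do before any printf-family call. Function names are illustrative, and the hostile sample string is constructed for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define OUT_LEN 256

/* Vulnerable shape, modelled on the listing in section II: the string received
 * from the debuggee is the *format* argument of vsprintf and the destination
 * is an unbounded buffer. Only call it with a trusted format here; with "%n"
 * or a run of "%s" in msg it corrupts memory or crashes. */
static const char *vulnerable_render(const char *msg, ...)
{
    static char out[OUT_LEN];
    va_list ap;
    va_start(ap, msg);
    vsprintf(out, msg, ap);          /* msg controls the conversions */
    va_end(ap);
    return out;
}

/* Hardened shape: the untrusted string is only ever a %s argument, the format
 * is a literal, and the write is bounded by the buffer size. */
static const char *safe_render(const char *msg)
{
    static char out[OUT_LEN];
    snprintf(out, sizeof out, "Debug string: %s", msg);
    return out;
}

/* Walk one conversion specification starting at the '%' at p and return a
 * pointer to its conversion character (or to the terminator). */
static const char *skip_spec(const char *p)
{
    const char *q = p + 1;
    while (*q && strchr("-+ #0123456789.*hlLqjzt", *q))
        q++;
    return q;
}

/* Number of conversion directives in s; "%%" is a literal and is not counted.
 * A debugger can use this to flag a debuggee string that looks like a format
 * string attack before it reaches any printf-family function. */
static int directive_count(const char *s)
{
    int count = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {           /* escaped percent */
            p++;
            continue;
        }
        count++;
        p = skip_spec(p);
        if (!*p)
            break;
    }
    return count;
}

/* 1 if s contains a %n directive, the one conversion that writes to memory. */
static int has_n_directive(const char *s)
{
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {
            p++;
            continue;
        }
        p = skip_spec(p);
        if (*p == 'n')
            return 1;
        if (!*p)
            break;
    }
    return 0;
}

int main(void)
{
    /* constructed sample of a hostile debuggee string */
    const char *hostile = "%s%s%s%n";
    printf("directives=%d has_n=%d\n", directive_count(hostile), has_n_directive(hostile));
    printf("safe path: %s\n", safe_render(hostile));
    printf("trusted format through the vulnerable path: %s\n", vulnerable_render("pid %d", 1234));
    return 0;
}
```

The fix that matters is the one in safe_render: never let data that crosses a trust boundary become the format string, and never write into a buffer with a function that does not take its size. The directive counter is a detection aid only; it is no substitute for that fix, since a debugger has no legitimate reason to interpret a debuggee's string as a format at all.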