Buffer overflow in Cain&Abel password recovery tool
An exploit has been disclosed for the open source password recovery tool Cain&Abel that uses a crafted file of a recorded Remote Desktop Protocol (RDP) connection. The file provokes a buffer overflow when its data is read in by the Remote Desktop Password Decoder. This can be exploited to inject code onto a system and execute it with the user's privileges. A further exploit not only demonstrates the buffer overflow, it also shows how the Windows calculator can be opened using injected shellcode.
A quick test by heise Security using Cain&Abel version 4.9.25 under Windows XP SP2 failed to open the calculator. However, the bug was discovered in versions 4.9.24 and 4.9.23. Further tests will be required to determine whether the bug has been fixed in 4.9.25 or whether the exploit simply doesn't work properly.
- Cain & Abel Buffer overflow Exploit, notes from Encrypt3d.M!nd