|
MAME 0.140 corrupted zip causes write-AV
#237658 - 10/29/10 07:34 PM
|
|
|
Malformed zip causes heap corruption in MAME memory. A specially-crafted file could be used to execute arbitrary code with the privileges of the logged-on user.
I have an example that produces a crash, but it's 900kb large.
|
|
|
Stiletto |
|
They're always after me Lucky ROMS!
|
|
|
|
|
|
Reged: 03/07/04
|
|
Posts: 6472
|
|
|
|
|
|
Send PM
|
|
|
Re: MAME 0.140 corrupted zip causes write-AV
[Re: peter ferrie]
#238147 - 11/05/10 11:03 PM
|
|
|
> Malformed zip causes heap corruption in MAME memory. A specially-crafted file could
> be used to execute arbitrary code with the privileges of the logged-on user.
>
> I have an example that produces a crash, but it's 900kb large.
Sounds like someone could go poison a ROM site with specially crafted ZIP files.
...
Oh no! 
- Stiletto
|
|
|
|
Re: MAME 0.140 corrupted zip causes write-AV
[Re: Stiletto]
#238225 - 11/06/10 10:40 PM
|
|
|
What, those particular ROM sites that were last updated in 2004 but still say MAME - latest? 
Those ROM sites are the reason why we get so many people asking why the new MAME doesn't support A, B or C, and why their version of 'MAME32' errors out under Windows 7! Shut the sites down and put everyone out of their misery... Better to have 0 ROMs out there than illegally hosting terabytes of useless junk that was released when most processors were still in the megahertz range and running a DOS-based operating system.
|
|
|
| Naoki |
|
|
|
|
|
|
Reged: 11/10/09
|
|
Posts: 1998
|
|
Loc: United Kingdom
|
|
|
|
Send PM
|
|
|
Re: MAME 0.140 corrupted zip causes write-AV
[Re: Heihachi_73]
#238227 - 11/06/10 10:49 PM
|
|
|
> Shut the sites down and put everyone out of their misery... Better to have 0 ROMs
> out there than illegally hosting terabytes of useless junk that was released when
> most processors were still in the megahertz range and running a DOS-based operating
> system.
I still have a 233 MHz Pc with a DOS-Based OS, so, the sites aren't completely useless, just mostly useless 
|
----
On a quest for Digital 573 and Dancing Stage EuroMix 2
By gods I've found it!
|
|
| casm |
|
Cinematronics > *
|
|
|
|
|
Reged: 08/27/07
|
|
Posts: 668
|
|
|
|
|
|
Send PM
|
|
|
Re: MAME 0.140 corrupted zip causes write-AV
[Re: peter ferrie]
#238238 - 11/07/10 01:12 AM
|
|
|
> Malformed zip causes heap corruption in MAME memory. A specially-crafted file could
> be used to execute arbitrary code with the privileges of the logged-on user.
>
> I have an example that produces a crash, but it's 900kb large.
Question for you in light of R. Belmont's reply from a week ago on pretty much this exact topic: are you bringing this up because of a concern as to how MAME may affect the overall security stance of a system, or because it's something that you believe to be a valid bug and feel that as such it should receive attention?
Just mentioning this because one would likely be a more effective avenue to take than the other in terms of remedying the situation.
|
|
|
|
Re: MAME 0.140 corrupted zip causes write-AV
[Re: casm]
#238278 - 11/07/10 08:55 PM
|
|
|
I posted this before I saw R.Belmont's reply, but that reply invalidates this post.
|
|
|
|
Re: MAME 0.140 corrupted zip causes write-AV
[Re: Stiletto]
#238279 - 11/07/10 08:57 PM
|
|
|
Oooh, Dragon's Lair finally released! Heh.
It will happen and the pirates will cry.
|
|
|
Index 
Threaded 
MAME 0.140 corrupted zip causes write-AV
Reply
[Re: 
