119
edits
Changes
Jump to navigation
Jump to search
Line 71:
Line 71: + + + + + + + + + + + +
→Non-system applications: smilehax
| May 5, 2016
| May 5, 2016
| [[User:Dazzozo|Dazzozo]]
| [[User:Dazzozo|Dazzozo]]
|-
| SmileBASIC 3.x
| Poor parameter validation on "BGSCREEN" command
| The SmileBASIC "BGSCREEN" command's second parameter is not properly validated as being within range. As a result, one can set the screen size to an absurdly large value. This means that the "BGGET" and "BGPUT" commands can then be used on out-of-range values to read and write a significant chunk of the interpreter's address space.
With a series of carefully-designed BGPUT commands, one can build a ROP chain and cause it to be executed.
| None
| App: 3.31.
System: [[11.0.0-33]].
| July 20, 2016
| Around June 26, 2016
| slackerSnail, 12Me12, incvoid
Weaponized by MrNbaYoh and [[User:Plutooo|plutoo]].
|}
|}