Published: 2004-07-27 00:00:00
Last modified: 2017-10-10 21:29:31

[Original text] Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call.

[CNNVD] OllyDbg Debugger Message Format String Handling Vulnerability (CNNVD-200407-059)


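- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)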


- OVAL (Technical Details for Detection)


- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources
(UNKNOWN)  FULLDISC  20040717 [FMADV] Format String Bug in OllyDbg 1.10
(UNKNOWN)  BUGTRAQ  20040717 [FMADV] Format String Bug in OllyDbg 1.10
(UNKNOWN)  XF  ollydbg-outputdebugstring-format-string(16711)

- Vulnerability Information

OllyDbg Debugger Message Format String Handling Vulnerability
High risk  Input validation
2004-07-27 00:00:00 2005-10-20 00:00:00

- Advisories and Patches


- Vulnerability Information (388)

Ollydbg <= 1.10 Format String Bug (EDBID:388)
windows local
2004-08-10 Verified
0 Ahmet Cihan
N/A
// Exploit opens a new cmd.exe.Tested on win2k(en)+sp4(en)+ollydbg v1.09d
// Open exploit with ollydebug and run the exploit from ollydebug(F9 key).
// Coded by Ahmet Cihan(a.k.a. hurby)
// Thanx to r3d_b4r0n, Murat Erdoğan(a.k.a. Stormwr), Onur Cihan(a.k.a.eurnie and 3710336), Orhan Tun????z and Mehmet Yakut.

#include <stdio.h>
#include <windows.h>
#include <winbase.h>

#pragma comment(lib,"kernel32.lib")

void main(){
        unsigned char buffer[] =


// [2004-08-10]

- Vulnerability Information

OllyDbg OutputDebugString Format String
Local / Remote, Context Dependent Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability Description

Unknown or Incomplete

- Timeline

2004-07-17 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

OllyDbg Debugger Messages Format String Vulnerability
Input Validation Error 10742
Yes No
2004-07-17 12:00:00 2007-04-17 10:41:00
Discovery is credited to ned <>.

- Affected Software Versions

OllyDbg OllyDbg 1.10
OllyDbg OllyDbg 1.0 9
OllyDbg OllyDbg 1.0 8b
OllyDbg OllyDbg 1.0 6

- Vulnerability Discussion

OllyDbg is prone to a format-string vulnerability.

This issue occurs when the application handles debugger messages that contain format specifiers.

Debugging a malicious program that is designed to exploit this issue could crash the application or allow arbitrary code to run in the context of the user running the debugger.

- Exploit

The following exploit was provided:

- Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at:

- Related References