|
According to CERT this is a security flaw that was found in late July, 2004
http://www.us-cert.gov/cas/bulletins/SB04-217.html
<-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=->
Vendor & Software Name : OllyDbg version 1.10
Vulnerability - Impact : Denial of Service vulnerability exists that could allow an attacker to crash OllyDbg and execute machine code. This vulnerability is due to a format string bug in the code that handles Debugger Messages.
Patches - Workarounds : No solution is available at this time.
Attacks Scripts : A working exploit has been published.
Common Name : OllyDbg Format String Bug
Risk : High
Source : SecuriTeam, July 20, 2004
<-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=->
So it was a published exploit after the final release of 1.10, which was released June 11, 2004
Hopefully its fixed in 2.x
Peace...
__________________
Even as darkness envelops and consumes us, wrapping around our personal worlds like the hand that grips around our necks and suffocates us, we must realize that life really is beautiful and the shadows of despair will scurry away like the fleeting roaches before the light.
|