PEiD – Access Out of Boundary Memory Vulnerability

This is a vulnerability I discovered in PEiD v0.95, which is the latest version. The vulnerability was tested on Windows 7 and Windows XP. It’s triggered when the PointerToRawData of the last section causes an integer overflow when subtracted from the file size.

Here’s pseudocode for what’s going on:


which is implemented here


then later:


which is implemented here


If the file is accepted as a valid PE, then when scanning the last section, PEiD will crash:


A PoC file can be downloaded from here
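
The arithmetic described above, as an added C illustration that is not PEiD's code: it shows the subtraction wrapping when PointerToRawData lies past the end of the file, beside a checked form a parser can use instead. The struct and function names are hypothetical, 32-bit unsigned arithmetic is an assumption, clamping the scan length is one possible policy, and the sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Two fields of the last IMAGE_SECTION_HEADER (field names as in the PE format). */
struct last_section {
    uint32_t PointerToRawData;  /* file offset of the section's raw data */
    uint32_t SizeOfRawData;     /* size of the raw data on disk */
};

/* Unchecked form (assumed shape of the bug): unsigned subtraction wraps
 * when the offset is larger than the file, giving a huge "remaining" size. */
uint32_t remaining_unchecked(uint32_t file_size, const struct last_section *s)
{
    return file_size - s->PointerToRawData;
}

/* Checked form: validate the offset before subtracting, then clamp the
 * scan length to the bytes the file really holds past that offset.
 * Returns false when the header is inconsistent with the file size. */
bool remaining_checked(uint32_t file_size, const struct last_section *s,
                       uint32_t *scan_len)
{
    if (s->PointerToRawData > file_size)
        return false;                        /* offset past EOF: reject */
    uint32_t avail = file_size - s->PointerToRawData;   /* cannot wrap */
    *scan_len = s->SizeOfRawData < avail ? s->SizeOfRawData : avail;
    return true;
}

int main(void)
{
    /* Constructed sample: a 0x1000-byte file whose last section claims
     * its raw data starts at offset 0x2000. */
    struct last_section bad = { 0x2000u, 0x200u };
    uint32_t n = 0;

    printf("unchecked remaining: 0x%08X\n",
           (unsigned)remaining_unchecked(0x1000u, &bad));
    printf("checked accepts header: %s\n",
           remaining_checked(0x1000u, &bad, &n) ? "yes" : "no");
    return 0;
}
```
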
