--- Begin Message ---
Hi guys, a little comeback after moving.
I don't remember having seen these details, sorry if I'm wrong.
AUTHOR: Komrade
DATE: 08/10/2004
PRODUCT: Windows XP
Tested on Windows XP Service Pack 2, prior versions should have the same bugs.
DETAILS
Here is a list of some Windows XP utilities that are vulnerable to local buffer
overflows and format string bugs.
These programming errors, alone, are not security vulnerabilities (you need
local access and you don't gain more privilege), but they could become serious
security issues if someone has the possibility to remotely start a program with
at least one parameter (which is what happens with the "shell:" protocol
security issue in the Mozilla browser prior to version 1.7.3, which permits
remotely executing a program and passing parameters to it).
This information has been disclosed to inform you that if a new vulnerability
is discovered which allows remote execution of programs (passing parameters),
all Windows XP operating systems will be affected by several remote buffer
overflows and format string vulnerabilities allowing remote code execution.
Buffer Overflow in immc.exe
POC
c:\> immc.exe aaaaaaaaaa(285 'a' characters)
Buffer Overflow in eventvwr.exe (UNICODE)
POC
c:\> eventvwr.exe aaaaaaaaaa(848 'a' characters)
Buffer Overflow in netsetup.exe
POC
c:\> netsetup.exe aaaaaaaaaa(285 'a' characters)
Buffer Overflow in mrinfo.exe
POC
c:\> mrinfo.exe aaaaaaaaaa(71 'a' characters)
Format String in sort.exe
POC
c:\> sort.exe %n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n
SCAN TOOL
This tool scans your PC, checking if it is affected by one of these local bugs.
This tool only makes a system() call, starting the vulnerable programs with the
opportune parameters.
http://unsecure.altervista.org/security/xplocalscan.c
Regards,
Jerome
--- End Message ---
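The advisory lists two bug classes in argument handling: a fixed-size buffer filled from argv without a length check, and argv passed straight to printf() so that "%n" directives write to memory. The following C program is an added example, not code from the advisory, from Komrade, or from the xplocalscan tool; it shows the unsafe pattern (kept in a comment so it is never executed), a hardened handler that bounds the copy and uses a fixed "%s" format, and a directive counter that flags format-string input before it reaches any formatting call. The buffer size ARG_CAP and the function names are assumptions for illustration; the advisory gives no buffer sizes for the affected utilities. The PoC-style inputs (285 'a' characters, sixteen "%n") are constructed from the advisory's own POC lines.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* Maximum argument length the hardened handler accepts (assumed value;
 * the advisory gives no buffer sizes for the affected utilities). */
#define ARG_CAP 64

/* The two bug classes in the advisory, combined in one unsafe handler.
 * Kept as a comment so this file never executes it:
 *
 *   static void unsafe_handle(const char *arg)
 *   {
 *       char buf[ARG_CAP];
 *       strcpy(buf, arg);   // stack overflow once strlen(arg) >= ARG_CAP
 *       printf(arg);        // format string bug: "%n" writes through the stack
 *   }
 */

/* Count '%' conversion directives in an untrusted string. A handler that
 * passed the string to printf() as the format would act on every one. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s == '%') {
            if (s[1] == '%') { s++; continue; }  /* "%%" is a literal percent */
            n++;
        }
    }
    return n;
}

/* Hardened handler: the length is checked before any copy, the copy is
 * bounded, and the argument reaches printf() only as data under a fixed
 * "%s" format. Returns 0 on success, -1 when the argument is rejected. */
int safe_handle(const char *arg, char *out, size_t outlen)
{
    size_t len = strlen(arg);
    if (len >= outlen)          /* reject rather than silently truncate */
        return -1;
    memcpy(out, arg, len + 1);  /* bounded: len + 1 <= outlen */
    printf("%s\n", out);        /* fixed format; "%n" in arg is printed, not run */
    return 0;
}

/* Build a PoC-style argument of n repeated characters (constructed input). */
char *repeat_char(char c, size_t n)
{
    char *s = malloc(n + 1);
    if (!s) return NULL;
    memset(s, c, n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    char out[ARG_CAP];
    char *long_arg = repeat_char('a', 285);                   /* immc.exe PoC length */
    const char *fmt_arg = "%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n"; /* sort.exe PoC */

    printf("285 'a' characters accepted: %s\n",
           safe_handle(long_arg, out, sizeof out) == 0 ? "yes" : "no");
    printf("directives in sort.exe PoC: %d\n", count_format_directives(fmt_arg));
    safe_handle(fmt_arg, out, sizeof out);  /* printed literally, nothing written */
    free(long_arg);
    return 0;
}
```

The two checks are independent: the length gate stops every overlong PoC in the advisory (71, 285 and 848 characters all exceed ARG_CAP), while the fixed "%s" format makes the directive count irrelevant to memory safety; count_format_directives() is only useful for logging or alerting on input that looks like a format-string probe.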