Windows XP Pro
Use firewall rules to restrict access to authorized users of the Orb server.
This issue has been fixed in version 2.01.0025, which is available on Orb's website.
Tested Systems / Software (with versions)
------------------------------------------
Orb version 2.01.0017 on Windows XP Pro SP2
Nullsoft Winamp Remote Server Beta (featuring Orb version 2.01.0013) on Windows XP Pro SP2
Orb version 2.01.0020 on Windows XP Pro SP2
Vendor Contact
--------------
RegKey Safe for Script: False
RegkeySafe for Init: False
KillBitSet: False
The POC was tested on Windows XP Pro SP3 w/ Internet Explorer 7 - All patched
Also Windows XP Pro SP2 w/ Internet Explorer 7
By the way, props go out to shinnai for his tool, Roadmap.
Major thanks go out to HD Moore and the Metasploit project/crew =) www.metasploit.com
Thanks sCORPINo =P www.snoop-security.com
HP-UX B.11.31 (11i v3)
A.11.17.01
A.05.01, A.05.02
Red Hat Linux Advanced Server 2.1, Red Hat Enterprise Linux 3 or 4, SLES8/United Linux 1.0, Novell Linux Desktop 9, SLES9, Microsoft Windows XP Pro, Microsoft Windows 2000 Professional with SP1 or later, Windows 2003 Server Edition
A.11.16, A.11.17
A.05.00
Red Hat Enterprise Linux 4, SLES9, SLES10, Novell Linux Desktop 10.1, Windows XP Pro, Windows 2003 Server or Windows 2000 Professional with SP1 or later
A.11.16, A.11.17, A.11.17.01
#[+] Bug : EesySec Personal Firewall Remote Buffer Overflow Exploit
#[+] program Download : http://www.effectmatrix.com/easysec/
#[+] Author : the_Edit0r
#[+] Contact me : the_3dit0r[at]Yahoo[dot]coM
#[+] Greetz to all my friends
#[+] Tested on: Windows XP Pro SP3
#[+] web site: Expl0iters.ir * Anti-security.ir
#[+] Big thnx: H4ckcity Member
use IO::Socket;
if(@ARGV < 2){
print q(
I can confirm that the PoC indeed freezes Chrome 0.2.149.29 (looks like inf loop, not responding to anything, the whole browser, not a renderer only) on Microsoft Windows Vista Ultimate SP1.
I can also confirm that the PoC DOES NOT freeze Chrome on Microsoft Windows XP Pro SP2.
Is it system dependent?
#!/usr/bin/perl
#[+] Bug : WM Downloader (.Smi/ .Ram/ .pls/ .smil/ .wax/ .wpl File) Local Buffer Overflow Exploit
#[+] Author : the_Edit0r
# Contact me : the_3dit0r[at]Yahoo[dot]coM
#[+] Greetz to all my friends
#[+] Tested on: Windows XP Pro SP3
#[+] Big thnx: Expl0iters.ir * Anti-security.ir
#########################################################
#EAX 00000001
#ECX 41414141
Internet Explorer 6.0
Internet Explorer 7.0
Windows XP Home
Windows XP Pro
Windows 2000
Windows 2003
Windows Vista
#[+] Bug : AiO ( All into One) Flash Mixer 3 (.afp File) Crash Vulnerability Exploit
#[+] program Download : http://www.goztun.com/download/AiOFlashMixerSetup.exe
#[+] Author : the_Edit0r
# Contact me : the_3dit0r[at]Yahoo[dot]coM
#[+] Greetz to all my friends
#[+] Tested on: Windows XP Pro SP3
#[+] web site: Expl0iters.ir * Anti-security.ir
#[+] Big thnx: H4ckcity Member
my $crash="\x41" x 150500;
====================================================================================================
Affected operating systems:
---------------------------
Windows XP Pro
Windows 2003
Windows Vista
Windows 2008
(all service packs...)
And probably some UNIX/Linux systems with some variants... Look by yourself.
FireFox version: FireFox 3.5.2 (Mozilla/5.0 (Windows; U; Windows NT 5.1; da; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2)
Google Chrome versions: 4.0.202.0 && 2.0.172.43 (both tested, the first is the new beta.)
Operating System: Windows XP Pro SP2
Hardware: 1.8ghz (single core) & 1GB ram.
However, I just tested the vulnerability in Chrome and the incidents were different. In Google Chrome it appears to perform a deadlock of the browser while on FireFox it performs a starvation "attack" by opening a huge number of windows and thereby eventually "killing" all the RAM, making Windows completely useless (almost).
The only thing I could do was to log out and then log back in. Task Manager was unable to help me even though it was set to "Always On Top". If the Task Manager was opened first then I might have had a chance, but if it wasn't then 4 out of 5 times the best option would be to log out and then log back in.
jfvanmeter@comcast.net wrote:
> Interesting, how are you running the Get command? Is safenet
> installed on a workstation or server?
Here I have Windows XP Pro SP2.
All the tests have been made using the raw GET request as I reported in
my advisory, using netcat, because the browsers usually modify the
delimiters or just the entire URI; for example, IE converts backslashes
into slashes while Firefox drops ../ and converts \ into %5c.
#[+] Bug : FLIP Flash Album Deluxe 1.8.407.1 (.fft File) Crash Vulnerability Exploit
#[+] program Download : http://www.goztun.com/download/FlipFlashAlbumDeluxeSetup.exe
#[+] Author : the_Edit0r
# Contact me : the_3dit0r[at]Yahoo[dot]coM
#[+] Greetz to all my friends
#[+] Tested on: Windows XP Pro SP3
#[+] web site: Expl0iters.ir * Anti-security.ir
#[+] Big thnx: H4ckcity Member
my $crash="\x41\x41\x41\x41\x41" x 100005;