Windows XP Professional
Vulnerable applications:
(OS is Windows XP Professional SP3 with all current updates, unless
otherwise noted)
ESET NOD32 Antivirus 5.0.93.0, 5.0.94.0 and earlier
4.2.71.2 and earlier
The following Python code will generate an HTML file that, when opened
on a machine with Web Print Object installed, will launch the Windows
Calculator as a proof of the possibility to execute arbitrary code on a
machine that has the vulnerable ActiveX component installed. This Proof
of Concept was tested in Windows XP Professional SP2 with Internet
Explorer 6.0.2900.2180, and Windows XP Professional SP3 with Internet
Explorer 6.0.2900.3264, but can be easily modified to work in other
platforms.
/-----------
#####################################################################################
Application: Panda Global Protection 2010
Panda Internet Security 2010
Platforms: Windows XP Professional SP & Windows Vista SP1
Exploitation: Local Privilege Escalation
Date: 2009-10-27
#####################################################################################
Application: Pegasus Mail Client
Platforms: Windows XP Professional SP2
Exploitation: remote BoF
Date: 2009-10-06
PRL> #####################################################################################
PRL> Application: Panda Global Protection 2010
PRL> Panda Internet Security 2010
PRL> Platforms: Windows XP Professional SP & Windows Vista SP1
PRL> Exploitation: Local Privilege Escalation
PRL> Date: 2009-10-27
Windows 7 Enterprise SP1 32-bit and 64-bit
Windows 7 Professional SP1 32-bit and 64-bit
Windows Vista Business SP2 32-bit and 64-bit
Windows Vista Enterprise SP2 32-bit and 64-bit
Windows XP Professional SP3
Description:
domain controller, see the link below.
http://www.youtube.com/watch?v=u8pfXW7crEQ
To watch a demonstration of this policy being applied to a shared but
unjoined Windows XP Professional machine, see the link below.
http://www.youtube.com/watch?v=u7Y6d-BVwxk
On Windows NT4, the following knowledgebase article explains how to disable the
NTVDM and WOWEXEC subsystems.
--------------------
PacketTrap Networks, Inc. released a patch (#3302) for this flaw on February 29, 2008.
Tested Systems / Software (with versions)
------------------------------------------
Windows XP Professional Service Pack 2, PacketTrap PT360 Tool Suite Version 1.1.33.1.0. Other versions may be vulnerable.
Vendor Contact
--------------
Name: PacketTrap Networks, Inc.
Website: http://www.packettrap.com/
Hello Susan!
If Microsoft did it, then it's good. But better for my opinion to do such as
in Windows XP Professional - not to disable admin account by default, but to
make password of default admin account similar to password of first admin
(during installation process). Because if default admin account will be
enabled later (with empty password) and will forget to set new password,
then it'll be much worse.
I'm not using Vista, so I can't check this issue on any of my computers. And
Microsoft Windows Storage Server 2003 (incl. R2)
Microsoft Windows 2000 Server / Advanced Server SP4
Microsoft Windows Small Business Server 2000 SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows Small Business 2003 Server Premium / Standard (incl. R2)
Microsoft Windows XP Professional / Home SP2
==================
Linux Operating Systems
==================
Red Hat Enterprise Linux (WS/ES/AS) 5
Red Hat Enterprise Linux (WS/ES/AS) 4
#####################################################################################
Application: Rising Firewall 2009
Platforms: Windows XP Professional SP2
Exploitation: Privilege Escalation
Date: 2009-10-26
Microsoft Windows 2000 Professional SP4
Microsoft Windows Small Business 2003 Server Premium / Standard (incl. R2)
Microsoft Windows XP Professional / Home SP2
Linux Operating Systems
Red Hat Enterprise Linux (WS/ES/AS) 5
Red Hat Enterprise Linux (WS/ES/AS) 4
Tested Versions:
Internet Explorer 7.0.5730.11
Tested OS:
Windows XP Professional SP2 Italian
Minded Security ReferenceID:
MSA01240108
Credits:
#####################################################################################
Application: My Remote File Server
Platforms: Windows XP Professional SP2
Exploitation: Privilege Escalation
Date: 2009-10-26
No patch is available at this time.
Tested Systems / Software (with versions)
------------------------------------------
Ubuntu Linux 9.10: Mozilla Firefox 3.5.9
Windows XP Professional Service Pack 3: Windows Internet Explorer 7.0.5730.13, Mozilla Firefox 3.6.3
Vendor Contact
--------------
Vendor Name: Adaptive Micro Systems Inc.
Vendor Website: http://www.adaptivedisplays.com/Default.asp
Microsoft Windows 2000 Professional SP4
Microsoft Windows Small Business 2003 Server Premium / Standard (incl. R2)
Microsoft Windows XP Professional / Home SP2
RESOLUTION
HP has provided upgrades to resolve this vulnerability.
http://www.krakowlabs.com/dev/exp/KL0209EXP-poppeeper_uidl-bof.pl.txt
The exploit code has been tested in the following environment(s):
Windows XP Professional with Service Pack 3 on x86 Architecture
Result: SUCCESS
-------------------------------------------------------------------------------------------------------------------------
>> After publication of information about Insufficient Authentication
>> vulnerability in Acer notebooks
>> (http://www.securityfocus.com/archive/1/503398/30/0/), I decided to
>> investigate all notebooks of my friends. Particularly I checked two
>> Asus
>> notebooks: at one with Windows XP Professional there is no such
>> vulnerability, at another with Windows XP Home Edition there is such
>> vulnerability.
>>
>> In Windows XP Home in default administrator's account
>> "Administrator" there
import sys
import string
print "\n\n***VLC Player M3U file ftp:// URI Handler Remote Stack Buffer Overflow***\n"
#Tested on Microsoft Windows XP Professional SP3
# Application Vulnerable: VLC Media Player v1.0.5 (Goldeneye)
# Not Vulnerable: VLC Media Player v1.1.0 (The Luggage), Checked on Windows 7
#edx register points to our data after 4255 bytes
buf1 = "ftp://" + "PRAV" + "\x44" * 4251
http://www.krakowlabs.com/dev/exp/KL0309EXP-poppeeper_date-bof.pl.txt
The exploit code has been tested in the following environment(s):
Windows XP Professional with Service Pack 3 on x86 Architecture
Result: SUCCESS
---------------------------------------------------------
MustLive wrote:
> Hello Susan!
>
> If Microsoft did it, then it's good. But better for my opinion to do
> such as
> in Windows XP Professional - not to disable admin account by default,
> but to
> make password of default admin account similar to password of first admin
> (during installation process). Because if default admin account will be
> enabled later (with empty password) and will forget to set new password,
> then it'll be much worse.
#####################################################################################
Application: XLPD 3.0 Remote DoS
Platforms: Windows XP Professional SP2
crash: YES
Exploitation: remote DoS
Both ingredients provide for an exploitable heap corruption as attackers
control how much data is allocated on the heap and also how much data
is copied into the allocated buffer. It was possible to successfully
exploit this issue on the following Windows versions:
- Windows XP Professional SP3 32-bit (with 4GB RAM)
- Windows Vista Home Premium SP2 32-bit
- Windows Vista Business SP2 32-bit and 64-bit
- Windows 7 Home Premium SP1 64-bit
- Windows 7 Professional SP1 64-bit
- Windows 7 Enterprise SP1 32-bit and 64-bit
--------------------
Filter network traffic so that only trusted users can access the web interface.
Tested Systems / Software (with versions)
------------------------------------------
Windows XP Professional
iPhone Configuration Web Utility 1.0 for Windows
Vendor Contact
--------------
Vendor Name: Apple Inc.
Tested Versions:
Internet Explorer 7.0.5730.11
Tested OS:
Windows XP Professional SP2 Italian
Minded Security ReferenceID:
MSA02240108
Credits:
---------------------------------------------------
Software:
Google Chrome Browser 0.2.149.27
Tested:
Windows XP Professional SP3
Result:
Google Chrome Crashes with All Tabs
Problem:
An issue exists in how Chrome handles undefined handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link that has an undefined handler followed by a 'special' character, Chrome crashes with the message window "Whoa! Google Chrome has crashed. Restart now?". The fault lies in dealing with the POP EBP instruction pointed to by the EIP register at 0x01002FF4.
Microsoft Windows 2000 Professional SP4
Microsoft Windows Small Business 2003 Server Premium / Standard (incl. R2)
Microsoft Windows XP Professional / Home SP2
Linux Operating Systems
Version
Red Hat Enterprise Linux (WS/ES/AS) 5
#####################################################################################
Application: Cerberus FTP 3.0.6
Platforms: Windows XP Professional SP2
Windows Vista SP1
crash: YES
Exploitation: Remote DoS