Document Title:
===============
DllHijackAuditor 3.5 - Stack Buffer Overflow Vulnerability

References (Source):
====================
http://ift.tt/2cGUuiQ

Release Date:
=============
2016-09-21

Vulnerability Laboratory ID (VL-ID):
====================================
1954

Common Vulnerability Scoring System:
====================================
6.3

Product & Service Introduction:
===============================
DLL Hijack Auditor is a smart tool to audit any Windows application for the DLL hijacking vulnerability. This is one of the critical security issues affecting almost all Windows systems. Though most applications have been fixed, many Windows applications are still susceptible to this vulnerability, which can allow an attacker to completely take over the system. DllHijackAuditor helps in discovering all such vulnerable DLLs in a Windows application, which otherwise can lead to successful exploitation resulting in total compromise of the system.

(Copy of the Homepage: http://ift.tt/1nS1wSd)

Abstract Advisory Information:
==============================
An independent Vulnerability Laboratory researcher discovered a stack buffer overflow vulnerability in the DllHijackAuditor v3.5 software.

Vulnerability Disclosure Timeline:
==================================
2016-09-21: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
SecurityXploded
Product: DllHijackAuditor - Software 3.5

Exploitation Technique:
=======================
Local

Severity Level:
===============
High

Technical Details & Description:
================================
A local stack buffer overflow vulnerability has been discovered in the official DllHijackAuditor v3.5 software. The overflow allows attackers to take over the process by overwriting the active registers.

The stack buffer overflow vulnerability is located in the `Specify Extension` entry module of the software. Local attackers are able to supply unicode as a malicious payload to crash the software via a stack overflow. This allows the local attacker to overwrite, for example, the eip register and take control of the vulnerable software process.

The security risk of the issue is estimated as high with a CVSS (Common Vulnerability Scoring System) count of 6.1. Exploitation of the vulnerability requires a low-privileged system user account or restricted access, without user interaction. Successful exploitation of the vulnerability results in computer system manipulation and compromise of the computer system.

Vulnerable Input(s):
[+] Specify Extension - (Entry)

Proof of Concept (PoC):
=======================
The local stack overflow vulnerability can be exploited by local attackers without user interaction and with a privileged system user account. For security demonstration or to reproduce the software vulnerability, follow the provided information and steps below.

Manual steps to reproduce the vulnerability ...
1. Launch the DllHijackAuditor.exe software process
2. Run the Perl code below; it creates a text file (.txt)
3. Copy the AAAAAAAAA+... string from DllHijackAuditor.txt to the clipboard
4. Paste the AAAAAAAAA+... string into the `Specify Extension` input and click `Start Audit` to process
5. The software crashes permanently by a stack overflow
6. Successful reproduction of the local stack buffer overflow vulnerability!

PoC: Exploit Code (Perl)

#!/usr/bin/perl
use strict;
use warnings;

# 3000 bytes of 0x41 ('A'), the string pasted into the Specify Extension field
my $Buff = "\x41" x 3000;

# append the buffer to DllHijackAuditor.txt in the current directory
open(my $fh, '>>', 'DllHijackAuditor.txt')
    or die "cannot open DllHijackAuditor.txt: $!";
print $fh $Buff;
close($fh);

print "\n POC Created by ZwX\n";
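The defect class behind the crash described above, shown as an added illustration that is not DllHijackAuditor's code (the advisory does not publish the affected routine): a fixed-size stack buffer filled by an unchecked copy of the `Specify Extension` input, next to a bounded version that rejects input it cannot hold instead of writing past the buffer. The buffer size, the function names and the 3000-byte fill are assumptions made for this example; the fill only mirrors the length the Perl PoC generates.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size of the fixed stack buffer the extension is copied into.
   Assumed value for this example; the advisory does not state the
   real program's buffer size. */
#define EXT_BUF_SIZE 32

/* Vulnerable pattern (illustrative, not DllHijackAuditor's own code):
   an unbounded strcpy of user-controlled input into a fixed stack
   buffer. Input longer than EXT_BUF_SIZE - 1 bytes runs past 'ext'
   into the saved frame pointer and return address above it, which is
   the register overwrite the advisory describes. Its behaviour on
   oversized input is undefined, so it is shown here but never called
   with the 3000-byte fill. */
void set_extension_unchecked(const char *user_ext)
{
    char ext[EXT_BUF_SIZE];
    strcpy(ext, user_ext);          /* no length check at all */
    printf("auditing extension: %s\n", ext);
}

/* Hardened form: measure the input with an upper bound and reject
   anything that does not fit, rather than truncating silently.
   Returns 0 on success, -1 if the input (plus its NUL) exceeds
   dst_size. The caller owns the destination so the result can be
   inspected; on rejection dst is left untouched. */
int set_extension_checked(char *dst, size_t dst_size, const char *user_ext)
{
    size_t len = 0;
    /* bounded scan: never read more than dst_size bytes of the input */
    while (len < dst_size && user_ext[len] != '\0') {
        len++;
    }
    if (len >= dst_size) {
        return -1;                  /* no room for the terminating NUL */
    }
    memcpy(dst, user_ext, len + 1); /* length already validated */
    return 0;
}

/* Constructed test input: 'count' bytes of 0x41 ('A'), the same kind
   of fill the advisory's Perl PoC writes out. Caller frees. */
char *make_fill(size_t count)
{
    char *s = malloc(count + 1);
    if (s == NULL) {
        return NULL;
    }
    memset(s, 0x41, count);
    s[count] = '\0';
    return s;
}

int main(void)
{
    char ext[EXT_BUF_SIZE];
    char *big = make_fill(3000);

    if (big == NULL) {
        return 1;
    }
    if (set_extension_checked(ext, sizeof ext, ".dll") == 0) {
        printf("accepted: %s\n", ext);
    }
    if (set_extension_checked(ext, sizeof ext, big) != 0) {
        printf("rejected %zu-byte input (buffer holds %d)\n",
               strlen(big), EXT_BUF_SIZE - 1);
    }
    free(big);
    return 0;
}
```

The bounded scan matters as much as the bounded copy: measuring the input with plain `strlen` and then copying is still safe for a NUL-terminated string, but capping the scan at `dst_size` also protects against input that arrives without a terminator. Rejecting rather than truncating keeps the audit from silently running against a different extension than the one the user typed.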