
Saturday, December 2, 2017

[FD] Abyss Web Server < v2.11.6 Memory Heap Corruption

[+] Credits: John Page (aka HyP3rlinX)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://ift.tt/2AwhjCY
[+] ISR: ApparitionSec

Vendor:
==========
aprelium.com

Product:
===========
Abyss Web Server < v2.11.6

Vulnerability Type:
===================
Memory Heap Corruption

CVE Reference:
==============
N/A

Security Issue:
================
Possible to corrupt heap memory of the Abyss Web Server by sending specially crafted HTML in repeated HTTP POST requests. Users should upgrade to latest version v2.11.6.

GetUrlPageData2 (WinHttp) failed: 12002.

FAULTING_IP:
msvcrt!memcpy+5a
75e49b60 f3a5 rep movs dword ptr es:[edi],dword ptr [esi]

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 75e49b60 (msvcrt!memcpy+0x0000005a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 003b9000
Attempt to read from address 003b9000

CONTEXT: 00000000 -- (.cxr 0x0;r)
eax=00000000 ebx=075c33f8 ecx=000efd46 edx=00000002 esi=075c33b8 edi=0651edb0
eip=77670c52 esp=0651ea70 ebp=0651ea80 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!ZwGetContextThread+0x12:
77670c52 83c404 add esp,4

PROCESS_NAME: abyssws.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1: 00000000

EXCEPTION_PARAMETER2: 003b9000

READ_ADDRESS: 003b9000

FOLLOWUP_IP:
abyssws+413d9
004413d9 59 pop ecx

NTGLOBALFLAG: 0

APPLICATION_VERIFIER_FLAGS: 0

APP: abyssws.exe

ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) x86fre

LAST_CONTROL_TRANSFER: from 0043f840 to 75e49b60

FAULTING_THREAD: ffffffff

BUGCHECK_STR: APPLICATION_FAULT_ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy_INVALID_POINTER_READ_PROBABLYEXPLOITABLE

PRIMARY_PROBLEM_CLASS: ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy_PROBABLYEXPLOITABLE

DEFAULT_BUCKET_ID: ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy_PROBABLYEXPLOITABLE

STACK_TEXT:
777542a8 776cd9bc ntdll!RtlFreeHeap+0x64
777542ac 75e498cd msvcrt!free+0xcd
777542b0 004413d9 abyssws+0x413d9
777542b4 004089d0 abyssws+0x89d0
777542b8 0040a607 abyssws+0xa607
777542bc 0040bd58 abyssws+0xbd58
777542c0 0040cb5b abyssws+0xcb5b

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: abyssws+413d9

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: abyssws

IMAGE_NAME: abyssws.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 5807a3cb

STACK_COMMAND: dps 777542a8 ; kb

FAILURE_BUCKET_ID: ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy_PROBABLYEXPLOITABLE_c0000005_abyssws.exe!Unknown

BUCKET_ID: APPLICATION_FAULT_ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy_INVALID_POINTER_READ_PROBABLYEXPLOITABLE_abyssws+413d9

ANALYSIS_SOURCE: UM

FAILURE_ID_HASH_STRING: um:actionable_heap_corruption_heap_failure_block_not_busy_probablyexploitable_c0000005_abyssws.exe!unknown

FAILURE_ID_HASH: {0ba3122b-4351-5a85-a0ea-294a6ce77042}

Followup: MachineOwner
