Report: PC Tools Spyware Doctor v6.0 flaw

["jose achada" <achada.jose () gmail com>]

Report: PC Tools Spyware Doctor v6.0 flaw
Set 7, 2008

-- Affected Vendors:
PC Tools

-- Affected Products:
Spyware Doctor v6.0

-- Download at:
http://www.pctools.com/mirror/sdasetup.exe

http://rapidshare.com/files/151742881/bd.rar.html
http://rapidshare.com/files/151742881/bd.rar.html?killcode=192850860729954980
Password: forspywaredoctortest

-- Vulnerability Details:
A flaw exists in PC Tools Spyware Doctor while deleting a particular
Backdoor. The mechanism used to clean an infected machine will crash
the machine. (Blue Screen of Death might appear)



-- Step by Step
1) Instaled Windows XP.

2) Created the trojan (with ejection in IE) with the client.

3) Executed the trojan.

6) Instaled PC Tools Firewall Plus 4.0 and made a reboot.

4) Instaled Spyware Doctor 6.0

5) Run the Smart Update and downloaded 26 signature database files (35MB)

6) Spyware Doctor automaticaly runs a scan and finds Backdoor.Beastdoor.

8) Tried to remove the backdoor. The system crashed and made a reboot.

9) Tried to remove the backdoor several times and the result was the
same, a system crash.

10) Entered in safe boot, made a scan and i was able to delete it.



-- Dificulty Level:
High, it only happen as far as i know we one Backdoor.

-- Disclosure Timeline:
2008-07-29 - Published
2008-09-07 - Disclosed

-- About:
Fabio Pinheiro at http://dicas3000.blogspot.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/