Full Disclosure mailing list archives
Re: [CVE-2013-6356] Avira Secure Backup v1.0.0.1 Multiple Registry Key Value Parsing Local Buffer Overflow Vulnerability
From: Julien Ahrens <info () rcesecurity com>
Date: Sun, 17 Nov 2013 17:46:01 +0100
From a technical point of view, it's a vulnerability because you can gain control of EIP. The reason why a victim would probably import an arbitrary .reg file is the same as why he would use a .wav file from an untrusted source, which exploits a flaw in the installed .wav converter. If you can convince (social-engineer) your victim, because of a lack of knowledge, this scenario would work.

But I was thinking about another attack scenario: Imagine that you already have access to the victim's computer - then you could use this flaw to place a backdoor-shellcode (e.g. a reverse shell) into the registry, which is executed every time the application starts - by default: on startup. Since the application does not validate the values from the registry (and does not remove them either), you've got some kind of persistent code execution.

Regards.

On 17.11.2013 16:12, Jann Horn wrote:
> On Sat, Nov 16, 2013 at 03:23:07PM +0100, Julien Ahrens wrote:
> > A buffer overflow vulnerability has been identified in Avira Secure
> > Backup v1.0.0.1 Build 3616. An attacker needs to force the victim to
> > import an arbitrary .reg file in order to exploit the vulnerability.
>
> Could you please elaborate on why this is a "vulnerability"? If I can
> convince someone to import random registry files, can't I just add some
> autorun entry or whatever?
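Both scenarios in the message above depend on oversized value data reaching the registry, so a .reg file can be vetted before import. The following is an added example, not part of the thread or of the advisory: it parses a .reg export and reports values whose data exceeds a size limit. The 260-byte limit, the key path and the value names are assumptions, since the thread names neither the affected keys nor the buffer size.

```python
import re

# Assumed limit: the thread does not state the size of the overflowed buffer.
MAX_VALUE_BYTES = 260
KEY_RE = re.compile(r'^\[-?(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def logical_lines(text):
    """Yield non-comment lines, joining hex data continued with a trailing ',\\'."""
    buf = ""
    for raw in text.splitlines():
        line = buf + raw.strip()
        buf = line[:-1] if line.endswith(",\\") else ""
        if line and not buf and not line.startswith(";"):
            yield line

def data_size(data):
    """Bytes the value data occupies once imported into the registry."""
    if data.startswith('"'):
        text = re.sub(r'\\(.)', r'\1', data[1:-1])  # undo \\ and \" escapes
        return len(text.encode("utf-16-le")) + 2    # REG_SZ plus terminator
    if data.startswith("hex") and ":" in data:
        return len([b for b in data.split(":", 1)[1].split(",") if b.strip()])
    return 4 if data.startswith("dword:") else 0

def oversized_values(reg_text, limit=MAX_VALUE_BYTES):
    """Return (key, value name, size) for every value larger than limit."""
    findings, key = [], None
    for line in logical_lines(reg_text):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            size = data_size(m.group(2))
            if size > limit:
                findings.append((key, m.group(1).strip('"'), size))
    return findings

# Constructed sample: hypothetical key path and value names, not from the advisory.
SAMPLE = (
    'Windows Registry Editor Version 5.00\r\n\r\n'
    '[HKEY_CURRENT_USER\\Software\\ExampleVendor\\ExampleApp]\r\n'
    '"Language"="en"\r\n'
    '"InstallDir"="' + 'A' * 600 + '"\r\n'
    '"Blob"=hex:' + ','.join(['41'] * 20) + ',\\\r\n  ' + ','.join(['41'] * 300) + '\r\n'
    '"Flags"=dword:00000001\r\n'
)
```

The same size check can be run against live keys during incident response, since the message notes that the application never removes the values it reads.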
Current thread:
- [CVE-2013-6356] Avira Secure Backup v1.0.0.1 Multiple Registry Key Value Parsing Local Buffer Overflow Vulnerability Julien Ahrens (Nov 16)
- Re: [CVE-2013-6356] Avira Secure Backup v1.0.0.1 Multiple Registry Key Value Parsing Local Buffer Overflow Vulnerability Jann Horn (Nov 17)
- Re: [CVE-2013-6356] Avira Secure Backup v1.0.0.1 Multiple Registry Key Value Parsing Local Buffer Overflow Vulnerability Julien Ahrens (Nov 17)
- Re: [CVE-2013-6356] Avira Secure Backup v1.0.0.1 Multiple Registry Key Value Parsing Local Buffer Overflow Vulnerability Jann Horn (Nov 17)