Sony PC Companion Admin_RemoveDirectory()栈缓冲区溢出漏洞
Sony PC Companion Admin_RemoveDirectory()栈缓冲区溢出漏洞
发布日期:2012-12-20
更新日期:2012-12-21
受影响系统:
sonymobile PC Companion 2.10.115
sonymobile PC Companion 2.10.108
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 57016
Sony PC Companion是连接设备到计算机的工具和应用。
Sony PC Companion 2.10.115、2.10.108在其PluginManager.dll内的Admin_RemoveDirectory函数处理'Path'变量值时存在一个边界错误,远程攻击者通过构造超长的字符串,利用此漏洞可造成栈缓冲区溢出,导致任意代码执行。
<*来源:Gjoko Krstic (liquidworm@gmail.com)
链接:http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5120.php
*>
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
--------------------------------------------------------------------------------
STATUS_STACK_BUFFER_OVERRUN encountered
(1e5c.1b34): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=6348e958 ecx=75b1de28 edx=0013e505 esi=00000000 edi=0013ed88
eip=75b1dca5 esp=0013e74c ebp=0013e7c8 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
KERNEL32!FormatMessageA+0x13c85:
75b1dca5 cc int 3
0:000> !exchain
0013e7b8: KERNEL32!RegSaveKeyExA+3e9 (75b49b72)
0013f114: 00430043
Invalid exception stack at 00420042
0:000> d 0013f114
0013f114 42 00 42 00 43 00 43 00-44 00 44 00 44 00 44 00 B.B.C.C.D.D.D.D.
0013f124 44 00 44 00 44 00 44 00-44 00 44 00 44 00 44 00 D.D.D.D.D.D.D.D.
0013f134 44 00 44 00 44 00 44 00-44 00 44 00 44 00 44 00 D.D.D.D.D.D.D.D.
0013f144 44 00 44 00 44 00 44 00-44 00 44 00 44 00 44 00 D.D.D.D.D.D.D.D.
0013f154 44 00 44 00 44 00 44 00-44 00 44 00 44 00 44 00 D.D.D.D.D.D.D.D.
0013f164 44 00 44 00 44 00 44 00-44 00 44 00 44 00 44 00 D.D.D.D.D.D.D.D.
0013f174 44 00 44 00 44 00 44 00-44 00 44 00 44 00 44 00 D.D.D.D.D.D.D.D.
0013f184 44 00 44 00 44 00 44 00-44 00 44 00 44 00 44 00 D.D.D.D.D.D.D.D.
0:000>
--------------------------------------------------------------------------------
建议:
--------------------------------------------------------------------------------
厂商补丁:
sonymobile
----------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.sonymobile.com/cn/
评论暂时关闭