- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 38384
- Проверка EDB
-
- Пройдено
- Автор
- GOOGLE SECURITY RESEARCH
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- null
- Дата публикации
- 2015-10-02
Avast! AntiVirus - X.509 Error Rendering Command Execution
Код:
Source: https://code.google.com/p/google-security-research/issues/detail?id=546
Avast will render the commonName of X.509 certificates into an HTMLLayout frame when your MITM proxy detects a bad signature. Unbelievably, this means CN="<h1>really?!?!?</h1>" actually works, and is pretty simple to convert into remote code execution.
To verify this bug, I've attached a demo certificate for you. Please find attached key.pem, cert.pem and cert.der. Run this command to serve it from a machine with openssl:
$ sudo openssl s_server -key key.pem -cert cert.pem -accept 443
Then visit that https server from a machine with Avast installed. Click the message that appears to demonstrate launching calc.exe.
Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/38384.zip- Источник
- www.exploit-db.com
