Exploit Avast! - Out-of-Bounds Write Decrypting PEncrypt Packed executables

Exploiter

Exploiter

Хакер
34,599
0
18 Дек 2022
EDB-ID
38931
Проверка EDB
  1. Пройдено
Автор
GOOGLE SECURITY RESEARCH
Тип уязвимости
DOS
Платформа
MULTIPLE
CVE
null
Дата публикации
2015-12-10
Avast! - Out-of-Bounds Write Decrypting PEncrypt Packed executables
Код: 
Source: https://code.google.com/p/google-security-research/issues/detail?id=554

The attached PEncrypt packed executable causes an OOB write on Avast Server Edition. 

(gdb) bt
#0  0xf6f5e64a in EmulatePolyCode(_POLY_INFO*, int) () from /proc/self/cwd/defs/15092301/engine.so
#1  0xf6f7d334 in pencryptMaybeUnpack(CFMap&, _PEEXE_INFO*, asw::root::CGenericFile*, _EXE_UNPACK_INFO*) () from /proc/self/cwd/defs/15092301/engine.so
#2  0xf6f75805 in CPackWinExec::packIsPacked(CFMap&, void**, ARCHIVE_UNPACKING_INFO*) () from /proc/self/cwd/defs/15092301/engine.so
#3  0xf6e8d1a2 in CAllPackers::IsPacked(CFMap&, _SARCHIVERANGE*, unsigned int, unsigned int, unsigned int, unsigned int, CObjectName const*, unsigned int*, unsigned int*, _PEEXE_INFO**) () from /proc/self/cwd/defs/15092301/engine.so
#4  0xf6e784ef in CScanInfo::ProcessPackingReal(CObjectName&, CFMap&, _VIRUSDATAARRAY*, int&, unsigned int) () from /proc/self/cwd/defs/15092301/engine.so
#5  0xf6e78bdd in CScanInfo::ProcessPacking(CObjectName&, unsigned int, unsigned int) () from /proc/self/cwd/defs/15092301/engine.so
#6  0xf6e74fbd in CScanInfo::ProcessArea(CObjectName&, unsigned int, unsigned int) () from /proc/self/cwd/defs/15092301/engine.so
#7  0xf6e752af in CScanInfo::ProcessTopArea(CObjectName&, unsigned int) () from /proc/self/cwd/defs/15092301/engine.so
#8  0xf6e7d6db in avfilesScanRealMulti () from /proc/self/cwd/defs/15092301/engine.so
#9  0xf6e81915 in avfilesScanReal () from /proc/self/cwd/defs/15092301/engine.so
#10 0x0805d2a5 in avfilesScanReal ()
#11 0x0805498c in engine_scan ()
(gdb) x/i $pc
=> 0xf6f5e64a <_Z15EmulatePolyCodeP10_POLY_INFOi+7194>:	mov    WORD PTR [edx],ax
(gdb) p/x $edx
$7 = 0xe73f181f
(gdb) p/x $ax
$8 = 0x1060

Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/38931.zip
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit Avast aswSnx.sys Kernel Driver 11.1.2253 - Memory Corruption Privilege Escalation
Ответы
0
Просмотры
548
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Avast! - Authenticode Parsing Memory Corruption
Ответы
0
Просмотры
422
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Avast! - JetDb::Ised4x Performs Unbounded Search on Input
Ответы
0
Просмотры
325
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Avast! - Heap Overflow Unpacking MoleBox Archives
Ответы
0
Просмотры
399
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Avast! - Integer Overflow Verifying numFonts in TTC Header
Ответы
0
Просмотры
375
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Avast! AntiVirus - X.509 Error Rendering Command Execution
Ответы
0
Просмотры
389
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Avast! AntiVirus 4.8.1356 - 'aswRdr.sys' Driver Privilege Escalation
Ответы
0
Просмотры
304
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Avast! 4.7 - 'aavmker4.sys' Local Privilege Escalation
Ответы
0
Просмотры
277
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Avast! AntiVirus 4.8.1351.0 - Denial of Service / Privilege Escalation
Ответы
0
Просмотры
266
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Avast! 4.8.1335 Professional - Kernel Local Buffer Overflow
Ответы
0
Просмотры
253
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу