68 matches found
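Microsoft Windows "CreateProcess()" .cmd and .bat Security Bypass Vulnerability
Bugtraq ID: 66619 CVE ID: CVE-2014-0315 Windows is a windowed operating system developed by Microsoft Corporation of the United States. Because the operating system does not properly restrict file paths when handling .bat and .cmd files passed to the "CreateProcess" method, an attacker can exploit the vulnerability to execute a specially crafted executable, for example by enticing a user to open an application located on a remote WebDAV or SMB share. 0 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows RT Microsoft Windows RT 8.1 Microsoft Window...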
MS14-019 – Fixing a binary hijacking via .cmd or .bat file
Command .cmd and batch .bat files can be directly provided as input to the CreateProcess as if it is an executable. CreateProcess uses the cmd.exe automatically to run the input .cmd or .bat. Today, with the bulletin MS14-019 we are fixing a vulnerability, where in particular scenario it is...
Jumping Out of IE's Sandbox With One Click
Software vendors often give intentionally vague and boring names to the updates they use to fix security vulnerabilities. The lamer the name, the less attention it may attract from attackers looking to reverse-engineer the patch. There was one patch in Microsoft’s August Patch Tuesday release...
A micro windows crash catcher in python
In this article we describe how to write a minimalistic Windows debugging loop in python. Modern applications usually spawn more than one process and the bugs in them generate different types of crashes. Our minimalistic debugger shall detect "any" crash condition of a process or process tree...
HP Data Protector 6.1 EXEC_CMD Command Execution
This module exploits HP Data Protector's omniinet process, specifically against a Windows setup. When an EXEC_CMD packet is sent, omniinet.exe will attempt to look for that user-supplied filename with kernel32!FindFirstFileW. If the file is found, the process will then go ahead execute it with...
Kaspersky Updater GUI 2.2.0.72 Commandline Vulnerability
Exploit for windows platform in category local exploits. Kaspersky Updater GUI 2.2.0.72 Commandline Vulnerability. Exploit Title : Commandline vulnerability Date : 27 Oct 2010 Author :...
Safe Returner 1.27.5 Commandline Vulnerability
Exploit for windows platform in category local exploits. Safe Returner 1.27.5 Commandline Vulnerability. Exploit Title : Commandline vulnerability Date : 27 Oct 2010 Author : STRELiTZIA Software : Safe...
CVE-2010-1909
Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving "CreateProcess params." NOTE: some of these details are obtained...
Buffer overflow
Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving "CreateProcess params." NOTE: some of these details are obtained...
WinMount 3.4.1020 Final Commandline Vulnerability
Exploit for windows platform in category local exploits. WinMount 3.4.1020 Final Commandline Vulnerability. Exploit Title : Commandline vulnerability Date : 27 Oct 2010 Author : STRELiTZIA Software :...
[TZO-2009-2] Avira Antivir - Priviledge escalation
From the 'cover-your-basics' and from the 'they-still-exist-department' Antivir insecure CreateProcess usage - Privilege Escalation and autostart as free bonus Reference : TZO-2009-2-Avira Antivir Priviledge escalation WWW : http://blog.zoller.lu/2009/01/tzo-2009-2-avira-antivir-priviledge.html...
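Microsoft Host Integration Server RPC Remote Command Execution Vulnerability (MS08-059)
BUGTRAQ ID: 31620 CVECAN ID: CVE-2008-3466 Host Integration Server extends Microsoft Windows to other systems by providing application, data, and network integration features. Some methods exposed by the RPC interface of Host Integration Server allow an unauthenticated attacker to execute arbitrary programs on the server. RPC opcodes 1 and 6 both allow an attacker to call the CreateProcess function and pass a command line to it, which may lead to complete compromise of the server. Microsoft Host Integration Server 2006 Microsoft Host Integration...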
CVE-2008-3466
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS...
Authentication flaw
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS...
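EMC AlphaStor Library Manager Arbitrary Command Execution Vulnerability
CVECAN ID: CVE-2008-2157 AlphaStor is an application component for managing disks. The Library Manager in AlphaStor is used to manage the replacement of disk drives at distributed locations. The manager consists of a single process, robotd, which listens for inbound connections on TCP port 3500. If a special request is sent to the Library Manager, robotd uses a string from the packet to execute a command on the system via the CreateProcess function, which allows an attacker to execute arbitrary programs on the host with SYSTEM privileges. EMC AlphaStor 3.1 SP1 for Windows EMC --- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page...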
CVE-2007-4155
Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first two arguments to the (1) CreateProcess or (2) CreateProcessEx method...
vmware-create-exec.txt
:. GOODFELLAS Security Research TEAM .: :. http://goodfellas.shellcode.com.ar .: VmWare Inc version 6.0.0 CreateProcess & CreateProcessEx Remote Code Execution Exploit. Internal ID: VULWAR200707300. -----------...
VMware Inc 6.0.0 CreateProcess Remote Code Execution Exploit
No description provided by source. :. GOODFELLAS Security Research TEAM .: :. http://goodfellas.shellcode.com.ar .: VmWare Inc version 6.0.0 CreateProcess & CreateProcessEx Remote Code Execution Exploit. Interna...