AutoPlay v1.33 (autoplay.ini) Local Buffer Overflow Exploit (SEH)

2011-02-15T00:00:00
ID ZSL-2011-4994
Type zeroscience
Reporter Dame Jovanoski
Modified 2011-02-15T00:00:00

Description

Title: AutoPlay v1.33 (autoplay.ini) Local Buffer Overflow Exploit (SEH)
Advisory ID: ZSL-2011-4994
Type: Local/Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 15.02.2011

Summary

AutoPlay is a shareware application used for making autorun.ini files that can be edited and stored to compact disks.

Description

The program suffers from a buffer overflow vulnerability when opening an autorun file (.ini): extra bytes added to parts of the edited file overflow the buffer, giving attackers the possibility of arbitrary code execution on the affected system. The buffer overflow also allows the attacker to bypass the Structured Exception Handling (SEH) protection mechanism.
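
As an added example (not part of the advisory and not the vendor's code), the following pre-open triage check flags .ini files whose lines or values are oversized or contain control bytes, the kind of "extra bytes" the description refers to. The length limits and the section and key names in the sample are assumptions, since the advisory names neither the overflowing field nor its buffer size.

```python
import re

# Assumed limits: the advisory names neither the overflowing field nor its
# buffer size, so tune these to what legitimate files actually contain.
MAX_VALUE_LEN = 260   # about MAX_PATH, a common fixed buffer size on Windows
MAX_LINE_LEN = 512

KEY_VALUE = re.compile(rb"^([^=]+?)\s*=\s*(.*)$")
CONTROL = re.compile(rb"[\x00-\x08\x0b-\x1f\x7f]")   # tab is allowed

# Constructed sample; section and key names are hypothetical.
SAMPLE = (
    b"; constructed sample, not a file from the advisory\r\n"
    b"[AutoPlay]\r\n"
    b"Title=My Disc\r\n"
    b"Command=" + b"A" * 600 + b"\r\n"
    b"Icon=setup\x01.ico\r\n"
)


def scan_ini(data, max_value=MAX_VALUE_LEN, max_line=MAX_LINE_LEN):
    """Scan raw INI bytes; return (line_no, section, key, reason) findings."""
    findings, section = [], ""
    for line_no, raw in enumerate(data.split(b"\n"), start=1):
        line = raw.rstrip(b"\r").strip(b" \t")
        if not line:
            continue
        if line[:1] in (b";", b"#"):            # comments still count for line length
            key, value = "(comment)", b""
        elif line.startswith(b"[") and line.endswith(b"]"):
            key, value = "[section]", line[1:-1]
            section = value[:40].decode("latin-1")
        else:
            m = KEY_VALUE.match(line)
            key = m.group(1)[:40].decode("latin-1") if m else "(no key)"
            value = m.group(2) if m else line
        reasons = []
        if len(line) > max_line:
            reasons.append("line is %d bytes (limit %d)" % (len(line), max_line))
        if len(value) > max_value:
            reasons.append("value is %d bytes (limit %d)" % (len(value), max_value))
        if CONTROL.search(value):
            reasons.append("control bytes in value")
        findings.extend((line_no, section, key, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for finding in scan_ini(SAMPLE):
        print("line %d [%s] %s: %s" % finding)
```

A file that produces findings should be quarantined or inspected in a hex viewer rather than opened in the affected version.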

Vendor

Naughter Software - <http://www.naughter.com>

Affected Version

1.33

Tested On

Microsoft Windows 7 Ultimate

Vendor Status

N/A

PoC

autoplay_bof.py

Credits

Vulnerability discovered by Dame Jovanoski - <jovanoski@zeroscience.mk>

References

[1] <http://www.exploit-db.com/exploits/16173/>
[2] <http://securityreason.com/exploitalert/9981>
[3] <http://packetstormsecurity.org/files/98496>
[4] <http://www.securityhome.eu/exploits/exploit.php?eid=5243488454d5baee0dfbaa1.35052281>
[5] <http://osvdb.org/show/osvdb/70955>
[6] <http://secunia.com/advisories/43341/>

Changelog

[15.02.2011] - Initial release
[16.02.2011] - Added reference [1], [2], [3] and [4]
[06.03.2011] - Added reference [5] and [6]

Contact

Zero Science Lab

Web: <http://www.zeroscience.mk>
e-mail: lab@zeroscience.mk

                                        