Report: PC Tools Spyware Doctor v6.0 flaw Set 7, 2008 -- Affected Vendors: PC Tools -- Affected Products: Spyware Doctor v6.0 -- Download at: http://www.pctools.com/mirror/sdasetup.exe http://rapidshare.com/files/151742881/bd.rar.html http://rapidshare.com/files/151742881/bd.rar.html?killcode=192850860729954980 Password: forspywaredoctortest -- Vulnerability Details: A flaw exists in PC Tools Spyware Doctor while deleting a particular Backdoor. The mechanism used to clean an infected machine will crash the machine. (Blue Screen of Death might appear) -- Step by Step 1) Instaled Windows XP. 2) Created the trojan (with ejection in IE) with the client. 3) Executed the trojan. 6) Instaled PC Tools Firewall Plus 4.0 and made a reboot. 4) Instaled Spyware Doctor 6.0 5) Run the Smart Update and downloaded 26 signature database files (35MB) 6) Spyware Doctor automaticaly runs a scan and finds Backdoor.Beastdoor. 8) Tried to remove the backdoor. The system crashed and made a reboot. 9) Tried to remove the backdoor several times and the result was the same, a system crash. 10) Entered in safe boot, made a scan and i was able to delete it. -- Dificulty Level: High, it only happen as far as i know we one Backdoor. -- Disclosure Timeline: 2008-07-29 - Published 2008-09-07 - Disclosed -- About: Fabio Pinheiro at http://dicas3000.blogspot.com