 |
Navigation |
|
|
|
|
|
|
|
|
Latest Guides |
|
|
|
|
|
| Viewing News |
|
 |
|
|
|
Symantec Remote Stack Buffer Overflow -
2005-01-06
BugTraq has reported a bug which affects all versions of ALL symantec products up until 2005.
It reports.
"Symantec Norton AntiVirus 2004 installs many DLLs(Dynamic Link Library)
and COM(Component Object Model) objects. One of its DLL's "ccErrDsp.dll"
Which is by the default installation options located at :
C:Program FilesCommon FilesSymantec SharedccErrDsp.dll
"ccErrDsp.dll" registers "CcErrDsp.ErrorDisplay.1" COM Object.
After Symantec Norton AntiVirus 2004 was used, this object can be created
Localy & Remotely!
For Example:
Set symkiller = CreateObject("CcErrDsp.ErrorDisplay.1" )
The vulnerability appears in the "sProduct" parameter at the "DisplayError"
function of the object.
The "DisplayError" recieves the following parameters:
DisplayError(
[in] long nParentWnd,
[in] int nModuleId,
[in] int nErrorId,
[in] BSTR sCaption,
[in] BSTR sErrorText,
[in] BSTR sProduct,
[in] BSTR sVersion,
[in, optional] VARIANT varKeyArray,
[in, optional] VARIANT varValueArray,
[out, retval] VARIANT_BOOL* pRet);
Which means that the following assignment:
object.DisplayError(1,1,1,[STR <=255],[STR <=255],[Really Long String -
'A'>521950],[STR <=255]);
Will cause a Stack Buffer Overflow, which does not allow code execution."
Read full story http://www.securityfocus.com/archive/1/386159/2005-01-03/2005-01-09/0
|
|
|
|
|
|
|
|
|
|
