Hidden pain
11-05-2011, 12:35 AM
من مدة طبعا الكل شاف كيف نزلت ثغرات الlocal
كالمطر , بسبب ثغرة ال dll hijack الجديدة
مكتشف الثغرة هوا نفس راعي مشروع الميتاسبلويت
والثغرة بكل البرامج التي تدعم فتح مفات بصيغتها
انا صراحة استغربت لبساطة الثغرة , كان أي شخص قادر يكتشفها
والمشكلة انها نزلت فوقت متأخر جدا , ونزلت لها استغلالات autopwn
اعرف انو البعض مش فاهم شيء , لاكن باختصار نوعا ما صار كل شيء سهل
وبامكانك تخترق اي مستعمل وندوز
الثغرة تقريبا نازلة بكل البرامج المعروفة هه , وهي لحد الآن بكل من :
Application Version >>> ACCUNETIX Accunetix Web Vulnerability Scanner (wvs) latest >>> ALLADIN Aladdin eToken PKI Client (etc, etcp)
(wintab32.dll) 5.0.0.65 >>> APPLE Safari
(dwmapi.dll) <= 5.0.1 >>> AVAST Avast! (license file .avastlic)
(mfc90loc.dll) <= 5.0.594 >>> ADOBE Adobe Dreamweaver
(mfc90loc.dll, mfc90ptb.dll(lang-dependent)) CS4 (<= 10.0 build 4117)
CS5 (<= 11.0 build 4909) Adobe ExtendedScript Toolkit
(dwmapi.dll) CS5 v3.5.0.52 Adobe Extension Manager (mxi,mxp)
(dwmapi.dll) CS5 v5.0.298 Adobe Photoshop
(wintab32.dll) CS2 Adobe Fireworks CS3, CS4 and CS5 Adobe Device Central
(qtcf.dll) CS5 Adobe Illustrator (ait, eps)
(aires.dll) CS4 v14.0.0 Adobe On Location (olproj)
(ibfs32.dll) CS4 build 315 Adobe Indesign (indl, indp, indt, inx)
(ibfs32.dll) CS4 v6.0 Adobe Premier (pproj, prfpset, prexport, prm, prmp, prpreset, prproj, prsl, prtl, vpr)
(ibfs32.dll) Pro CS4 314 Adobe Audition (audition.exe) (cdl, cel, dbl, dwd, pcm, sam, ses, smp, svx, vox)
(assist.dll, ff_theora.dll, quserex.dll, skl_drv_mpg.dll) 3.0.7283.0 (Win7 x64) >>> BREAKPOINT HexWorkshop
(pe932d.dll, pe936d.dll, pegrc32d.dll) 6.0.1.460.3 >>> BS.Player BS.player
(mfc71loc.dll) latest >>> CAMTASIA Camtasia Studio (cmmp,cmmtpl,camproj,camrec)
(dwmapi.dll) <= 6 build 689 >>> CDISPLAY CDisplay (cba, cbr, cbt, cbz)
(trace32.dll) 1.8.10 >>> CISCO Cisco Packet Tracer (pkt, pkz)
(wintab32.dll) 5.2 >>> CITRIX Citrix ICA Client (ica)
(pncachen.dll, wfapi.dll) v9.0.32649.0 >>> COREL Corel Draw (cmx,csl)
(crlrib.dll) <= X3 v13.0.0.576 Corel PhotoPaint (cpt)
(crlrib.dll) <= X3 v13.0.0.576 >>> DAEMON TOOLS DAEMON Tools Lite (mdf, mds, mdx)
(mfc80loc.dll) 4.35.6.0091 >>> ETTERCAP <= NG 0.7.3 Ettercap
(wpcap.dll) >>> GFI GFI Backup (gbc,gbt)
(armaccess.dll) 2009 Home Edition >>> GILLES VOLLANT WinImage (bzw, dsk, img, imz, iso, vfd, wil, wlz)
(wnaspi32.dll) 8.0.0.8000 (win7 x64) >>> GOOGLE Google Chrome
(chrome.dll) latest Google Earth (kmz)
(quserex.dll) <= v5.1.3535.3218 >>> HTTRACK WinHTTrack Website Copier (whtt)
(mfc71enu.dll, mfc71loc.dll) 3.43-7 >>> INTERVIDEO Intervideo WinDVD
(cpqdvd.dll) 5 >>> INTUIT Quickbooks (des,qbo,qpg)
(dbicudtx11.dll, mfc90enu.dll, mfc90loc.dll) Pro 2010 >>> IZARC IZArc (all archive formats)
(ztv7z.dll) <= 4.1.2 >>> MEDIA PLAYER Mediaplayer Classic mpc (all formats)
(iacenc.dll) <= 1.3.2189.0 Media Player Classic (3gp, 3gp2, flv, m4b, m4p, m4v, mp4, spl)
(ehtrace.dll, iacenc.dll) <= v6.4.9.x >>> MICROSOFT MS Powerpoint (odp,pot,potm,pptx,ppt,ppa,pps,ppsm,ppsx,pptm,pwz, sldm,sldx)
(pptimpconv.dll, pp7x32.dll,rpawinet.dll) – verified on 32 & 64bit 2007
2010 MS Word (docx)
(rpawinet.dll) 2007 MS Virtual PC (vmc)
(midimap.dll) 2007 Ms Visio (vtx – 2003, vss – 2010)
(2003 – mfc71enu.dll, 2010 – dwmapi.dll) 2003
2010 MS Office Groove (wav, p7c)
(mso.dll) 2007 MS Windows Mail (nws)
(wab32res.dll) MS Windows Live Email (eml,rss)
(dwmapi.dll) latest MS Movie Maker (mswmm)
(hhctrl.ocx) <= 2.6.4038.0 MS Vista Backup Manager (.wbcat)
(fveapi.dll) MS Internet Connection Signup Wizard
(smmscrpt.dll) latest MS Internet Communication Settings (isp)
(schannel.dll) latest MS Group Convertor (grp)
(imm.dll) latest MS Clip Organizer (mpf)
(twcgst.dll) <= 11.8164.8324 (XP SP3) MS Snapshot viewer (snp)
(mfc71enu.dll, mfc71loc.dll) 11 Windows Program Group / grpconv.exe (grp)
(imm.dll) latest MS Windows Address Book wab.exe/Contacts (wab, p7c, contact, group, vcf)
(wab32res.dll) XP, Vista
silently patched on Win7 MS RDP Client (rdp)
(dwmapi.dll – Win7, ieframe.dll – XPSP3) v6.1.7600.16385 (Win7)
v6.0.6001.18000 (XP SP3) MS Visual Studio devenv.exe (cur, rs, rct, res)
(NULL.dll) 2008 wscript (jse) / (js, vbs)
(wshfra.dll) (traceapp.dll) XP version MS Windows Media Encoder (prx)
(wmerrorenu.dll, winietenu.dll, asferrorenu.dll) 9.00.00.2980 MS ATL Trace Tool (atltracetool8.exe) (trc)
(dwmapi.dll) 10.0.30319.1 MS DirectShow SDK Filter Graph Editor (grf)
(ehtrace.dll, measure.dll) 10.0.0.0 (Win7 x64) >>> MOZILLA Firefox (htm, html, jtx, mfp, shtml, xaml)
(dwmapi.dll) <= 3.6.8 Mozilla Thunderbird (eml,html)
(dwmapi.dll) 3.1.2 >>> NETSTUMBLER NetStumbler (ns1)
(mfc71enu.dll, mfc71loc.dll) 0.4.0 >>> NVIDIA NVidia Driver (tvp)
(nview.dll) latest >>> OMNIPEEK Omnipeek Personal (pkt, wac)
(mfc71loc.dll) 4.1 >>> OPERA Opera (htm, html, mht, mhtml, xht, xhtm, xhtl)
(dwmapi.dll) <= 10.61 Opera widgets (wgt) >>> ORACLE Java Web Start (javaw.exe) (jnlp)
(schannel.dll) 1.6 update 21 >>> PUTTY putty
(winmm.dll) 0.60 >>> ROXIO Roxio Photosuite
(homeutils9.dll) 9 Roxio MyDVD (dmsd,dmsm)
(homeutils9.dll) 9 Roxio Creator DE
(homeutils9.dll) <= 9.0.116 Roxi Central (c2d,cue,gi,iso,roxio)
(homeutils10.dll, dlaapi_w.dll, sonichttpclient10.dll, tfswapi.dll) 3.6 >>> SKYPE Skype
(wab32.dll) <= 4.2.0.169 >>> SWEETSCAPE 010 Editor (bt,hex)
(wintab32.dll) >>> TEAMMATE Teammate audit mgmt software suite
(mfc71enu.dll) v8 >>> TEAMVIEWER Teamviewer (tvc, tvs)
(dwmapi.dll) <= 5.0.8703 >>> TECHSMITH TechSmith Snagit (.snag)
(dwmapi.dll) <= 10 build 788 TechSmith Snagit accessories (results) latest TechSmith Snagit profiles (snagprof) latest >>> uTorrent uTorrent
(userenv.dll, shfolder.dll, dnsapi.dll, dwmapi.dll, iphlpapi.dll,
dhcpcsvc.dll, dhcpcsvc6.dll, rpcrtremote.dll)
.torrent (plugin_dll.dll) <= 2.0.3 / <= 2.0.3 >>> VIDEOLAN VLC media player (mp3)
(wintab32.dll) <= 1.1.3
(fixed in 1.1.4) >>> NULLSOFT Winamp (669,aac,aiff,amf,au,avr,b4s,caf,cda)
(wnaspi32.dll, dwmapi.dll) 5.581 Winamp (b4s, m3u8, m3u, pls)
(wnaspi32.dl) 5.5.8.2985 (Win7 x64) >>> WIRESHARK Wireshark (5vw, acp, apc, atc,bfr,cap,enc,erg,fdc,pcap,…)
(airpcap.dll, tcapi.dll) <= 1.2.10 >>> OTHERS (awaiting more details) Isobuster GNS3
يعني ببساطة نسبة اختراق أصحاب الوندوز ارتفعت ارتفاع رهييييييييييييييب
كالمطر , بسبب ثغرة ال dll hijack الجديدة
مكتشف الثغرة هوا نفس راعي مشروع الميتاسبلويت
والثغرة بكل البرامج التي تدعم فتح مفات بصيغتها
انا صراحة استغربت لبساطة الثغرة , كان أي شخص قادر يكتشفها
والمشكلة انها نزلت فوقت متأخر جدا , ونزلت لها استغلالات autopwn
اعرف انو البعض مش فاهم شيء , لاكن باختصار نوعا ما صار كل شيء سهل
وبامكانك تخترق اي مستعمل وندوز
الثغرة تقريبا نازلة بكل البرامج المعروفة هه , وهي لحد الآن بكل من :
Application Version >>> ACCUNETIX Accunetix Web Vulnerability Scanner (wvs) latest >>> ALLADIN Aladdin eToken PKI Client (etc, etcp)
(wintab32.dll) 5.0.0.65 >>> APPLE Safari
(dwmapi.dll) <= 5.0.1 >>> AVAST Avast! (license file .avastlic)
(mfc90loc.dll) <= 5.0.594 >>> ADOBE Adobe Dreamweaver
(mfc90loc.dll, mfc90ptb.dll(lang-dependent)) CS4 (<= 10.0 build 4117)
CS5 (<= 11.0 build 4909) Adobe ExtendedScript Toolkit
(dwmapi.dll) CS5 v3.5.0.52 Adobe Extension Manager (mxi,mxp)
(dwmapi.dll) CS5 v5.0.298 Adobe Photoshop
(wintab32.dll) CS2 Adobe Fireworks CS3, CS4 and CS5 Adobe Device Central
(qtcf.dll) CS5 Adobe Illustrator (ait, eps)
(aires.dll) CS4 v14.0.0 Adobe On Location (olproj)
(ibfs32.dll) CS4 build 315 Adobe Indesign (indl, indp, indt, inx)
(ibfs32.dll) CS4 v6.0 Adobe Premier (pproj, prfpset, prexport, prm, prmp, prpreset, prproj, prsl, prtl, vpr)
(ibfs32.dll) Pro CS4 314 Adobe Audition (audition.exe) (cdl, cel, dbl, dwd, pcm, sam, ses, smp, svx, vox)
(assist.dll, ff_theora.dll, quserex.dll, skl_drv_mpg.dll) 3.0.7283.0 (Win7 x64) >>> BREAKPOINT HexWorkshop
(pe932d.dll, pe936d.dll, pegrc32d.dll) 6.0.1.460.3 >>> BS.Player BS.player
(mfc71loc.dll) latest >>> CAMTASIA Camtasia Studio (cmmp,cmmtpl,camproj,camrec)
(dwmapi.dll) <= 6 build 689 >>> CDISPLAY CDisplay (cba, cbr, cbt, cbz)
(trace32.dll) 1.8.10 >>> CISCO Cisco Packet Tracer (pkt, pkz)
(wintab32.dll) 5.2 >>> CITRIX Citrix ICA Client (ica)
(pncachen.dll, wfapi.dll) v9.0.32649.0 >>> COREL Corel Draw (cmx,csl)
(crlrib.dll) <= X3 v13.0.0.576 Corel PhotoPaint (cpt)
(crlrib.dll) <= X3 v13.0.0.576 >>> DAEMON TOOLS DAEMON Tools Lite (mdf, mds, mdx)
(mfc80loc.dll) 4.35.6.0091 >>> ETTERCAP <= NG 0.7.3 Ettercap
(wpcap.dll) >>> GFI GFI Backup (gbc,gbt)
(armaccess.dll) 2009 Home Edition >>> GILLES VOLLANT WinImage (bzw, dsk, img, imz, iso, vfd, wil, wlz)
(wnaspi32.dll) 8.0.0.8000 (win7 x64) >>> GOOGLE Google Chrome
(chrome.dll) latest Google Earth (kmz)
(quserex.dll) <= v5.1.3535.3218 >>> HTTRACK WinHTTrack Website Copier (whtt)
(mfc71enu.dll, mfc71loc.dll) 3.43-7 >>> INTERVIDEO Intervideo WinDVD
(cpqdvd.dll) 5 >>> INTUIT Quickbooks (des,qbo,qpg)
(dbicudtx11.dll, mfc90enu.dll, mfc90loc.dll) Pro 2010 >>> IZARC IZArc (all archive formats)
(ztv7z.dll) <= 4.1.2 >>> MEDIA PLAYER Mediaplayer Classic mpc (all formats)
(iacenc.dll) <= 1.3.2189.0 Media Player Classic (3gp, 3gp2, flv, m4b, m4p, m4v, mp4, spl)
(ehtrace.dll, iacenc.dll) <= v6.4.9.x >>> MICROSOFT MS Powerpoint (odp,pot,potm,pptx,ppt,ppa,pps,ppsm,ppsx,pptm,pwz, sldm,sldx)
(pptimpconv.dll, pp7x32.dll,rpawinet.dll) – verified on 32 & 64bit 2007
2010 MS Word (docx)
(rpawinet.dll) 2007 MS Virtual PC (vmc)
(midimap.dll) 2007 Ms Visio (vtx – 2003, vss – 2010)
(2003 – mfc71enu.dll, 2010 – dwmapi.dll) 2003
2010 MS Office Groove (wav, p7c)
(mso.dll) 2007 MS Windows Mail (nws)
(wab32res.dll) MS Windows Live Email (eml,rss)
(dwmapi.dll) latest MS Movie Maker (mswmm)
(hhctrl.ocx) <= 2.6.4038.0 MS Vista Backup Manager (.wbcat)
(fveapi.dll) MS Internet Connection Signup Wizard
(smmscrpt.dll) latest MS Internet Communication Settings (isp)
(schannel.dll) latest MS Group Convertor (grp)
(imm.dll) latest MS Clip Organizer (mpf)
(twcgst.dll) <= 11.8164.8324 (XP SP3) MS Snapshot viewer (snp)
(mfc71enu.dll, mfc71loc.dll) 11 Windows Program Group / grpconv.exe (grp)
(imm.dll) latest MS Windows Address Book wab.exe/Contacts (wab, p7c, contact, group, vcf)
(wab32res.dll) XP, Vista
silently patched on Win7 MS RDP Client (rdp)
(dwmapi.dll – Win7, ieframe.dll – XPSP3) v6.1.7600.16385 (Win7)
v6.0.6001.18000 (XP SP3) MS Visual Studio devenv.exe (cur, rs, rct, res)
(NULL.dll) 2008 wscript (jse) / (js, vbs)
(wshfra.dll) (traceapp.dll) XP version MS Windows Media Encoder (prx)
(wmerrorenu.dll, winietenu.dll, asferrorenu.dll) 9.00.00.2980 MS ATL Trace Tool (atltracetool8.exe) (trc)
(dwmapi.dll) 10.0.30319.1 MS DirectShow SDK Filter Graph Editor (grf)
(ehtrace.dll, measure.dll) 10.0.0.0 (Win7 x64) >>> MOZILLA Firefox (htm, html, jtx, mfp, shtml, xaml)
(dwmapi.dll) <= 3.6.8 Mozilla Thunderbird (eml,html)
(dwmapi.dll) 3.1.2 >>> NETSTUMBLER NetStumbler (ns1)
(mfc71enu.dll, mfc71loc.dll) 0.4.0 >>> NVIDIA NVidia Driver (tvp)
(nview.dll) latest >>> OMNIPEEK Omnipeek Personal (pkt, wac)
(mfc71loc.dll) 4.1 >>> OPERA Opera (htm, html, mht, mhtml, xht, xhtm, xhtl)
(dwmapi.dll) <= 10.61 Opera widgets (wgt) >>> ORACLE Java Web Start (javaw.exe) (jnlp)
(schannel.dll) 1.6 update 21 >>> PUTTY putty
(winmm.dll) 0.60 >>> ROXIO Roxio Photosuite
(homeutils9.dll) 9 Roxio MyDVD (dmsd,dmsm)
(homeutils9.dll) 9 Roxio Creator DE
(homeutils9.dll) <= 9.0.116 Roxi Central (c2d,cue,gi,iso,roxio)
(homeutils10.dll, dlaapi_w.dll, sonichttpclient10.dll, tfswapi.dll) 3.6 >>> SKYPE Skype
(wab32.dll) <= 4.2.0.169 >>> SWEETSCAPE 010 Editor (bt,hex)
(wintab32.dll) >>> TEAMMATE Teammate audit mgmt software suite
(mfc71enu.dll) v8 >>> TEAMVIEWER Teamviewer (tvc, tvs)
(dwmapi.dll) <= 5.0.8703 >>> TECHSMITH TechSmith Snagit (.snag)
(dwmapi.dll) <= 10 build 788 TechSmith Snagit accessories (results) latest TechSmith Snagit profiles (snagprof) latest >>> uTorrent uTorrent
(userenv.dll, shfolder.dll, dnsapi.dll, dwmapi.dll, iphlpapi.dll,
dhcpcsvc.dll, dhcpcsvc6.dll, rpcrtremote.dll)
.torrent (plugin_dll.dll) <= 2.0.3 / <= 2.0.3 >>> VIDEOLAN VLC media player (mp3)
(wintab32.dll) <= 1.1.3
(fixed in 1.1.4) >>> NULLSOFT Winamp (669,aac,aiff,amf,au,avr,b4s,caf,cda)
(wnaspi32.dll, dwmapi.dll) 5.581 Winamp (b4s, m3u8, m3u, pls)
(wnaspi32.dl) 5.5.8.2985 (Win7 x64) >>> WIRESHARK Wireshark (5vw, acp, apc, atc,bfr,cap,enc,erg,fdc,pcap,…)
(airpcap.dll, tcapi.dll) <= 1.2.10 >>> OTHERS (awaiting more details) Isobuster GNS3
يعني ببساطة نسبة اختراق أصحاب الوندوز ارتفعت ارتفاع رهييييييييييييييب