21 April, 2011

Assassin's Creed: Brotherhood

Gesytec ElonFmt ActiveX 1.1.14 (ElonFmt.ocx) pid Item Buffer Overflow (SEH)

The ElonFmt ActiveX Control Module suffers from a buffer overflow vulnerability. When a large buffer is sent to the pid item of the GetItem1 function in elonfmt.ocx module, we get a few memory registers overwritten including the SEH. We’re dealing with a character translation. An attacker can gain access to the system on the affected node and execute arbitrary code.

Read on: http://zeroscience.mk/blog/04/2011/gesytec-elonfmt-activex-1-1-14-elonfmt-ocx-pid-item-buffer-overflow-seh/

06 April, 2011

Anfibia Reactor 2.1.1 (login.do) Remote XSS POST Injection Vulnerability

Vendor: Anfibia Software
Product web page: http://www.anfibia-soft.com
Affected version:

Summary: Fast web-based server monitoring. Keep an eye on servers,
connections, databases, cpu, hard drives and more!

Desc: The Anfibia Reactor JS service suffers from a XSS vulnerability
when parsing user input to the 'email' parameter via POST method in
'reactor/login.do' script at the manager login interface. Attackers
can exploit this weakness to execute arbitrary HTML and script code
in a user's browser session.

Tested on: Microsoft Windows XP Professional SP3 (EN)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
liquidworm gmail com
Zero Science Lab - http://www.zeroscience.mk

[14.03.2011] Vulnerability discovered.
[16.03.2011] Contact with the vendor.
[16.03.2011] Vendor replies asking more details.
[16.03.2011] Sent vulnerability details to vendor.
[16.03.2011] Vendor confirms XSS issue.
[06.04.2011] Vendor releases version 3 to address this issue.
[06.04.2011] Coordinated public advisory released.