13 August, 2010

SmartCode ServerX VNC Server ActiveX 1.1.5.0 (scvncsrvx.dll) DoS Exploit


Title: SmartCode ServerX VNC Server ActiveX 1.1.5.0 (scvncsrvx.dll) DoS Exploit


Vendor: SmartCode Solutions
Product Web Page: http://www.s-code.com
Version Tested: 1.1.5.0

Summary: SmartCode ServerX VNC Server control is a VNC server implemented as an
ActiveX component, which makes it extremely easy for you to integrate VNC support
into your Web or desktop applications. In the simplest scenario, you would add the
ServerX ActiveX component to your project, place the ServerX instance in a form,
and modify the ActiveX properties if desired. That's it - you just created an
application with a VNC Server embedded in it.

Desc: The vulnerability exists in the CSC_ServerXControl class and all of its members.
When parsing an overly long string while listening for an incoming connection, the
application crashes along with IE, corrupting memory.

--

(26d8.25bc): C++ EH exception - code e06d7363 (first chance)
CSC_ServerXControl::FinalRelease
eax=00000000 ebx=00000000 ecx=7c800000 edx=7c97b120 esi=7c90de50 edi=00000000
eip=7c90e4f4 esp=0013fe5c ebp=0013ff58 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
7c90e4f4 c3 ret

--

Tested On: Microsoft Windows XP Professional SP3 (EN)
Windows Internet Explorer 8.0.6001.18702

Zero Science Lab Advisory ID: ZSL-2010-4948
Zero Science Lab Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4948.php


Vulnerability Discovered By: Gjoko 'LiquidWorm' Krstic
liquidworm gmail com

Zero Science Lab - http://www.zeroscience.mk

13.08.2010




http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4948.php

04 August, 2010





Team Johnlong RaidenTunes 2.1.1 Remote Cross-Site Scripting Vulnerability



Title: Team Johnlong RaidenTunes 2.1.1 Remote Cross-Site Scripting Vulnerability



Vendor: RaidenFTPDteam / Team Johnlong Software

Product Web Page: http://www.raidentunes.com

Summary: RaidenTunes is a Web server based + application software that
allows You to set up an online music server quickly. It can scan the music
folders in Your PC and organize them into a database, allowing users to
connect to this server and browse/search and listen to the music easily.
Interaction between users is also possible with a built-in message board for
albums.

Desc: RaidenTunes 2.1.1 suffers from a Cross-Site Scripting (XSS) vulnerability
caused by improper validation of user-supplied input passed to the music_out.php
script through the "p" parameter. A remote attacker could exploit this vulnerability
to execute script in a victim's Web browser within the security context of
the hosting Web site, allowing the attacker to steal the victim's cookie-based
authentication credentials.

Affected Version: 2.1.1

Tested On: Microsoft Windows XP Professional SP3 (English)


Vendor Status: [02.08.2010] - Vulnerability discovered.
[02.08.2010] - Initial contact with the vendor.
[02.08.2010] - Vendor replied asking for details.
[02.08.2010] - Sent PoC to vendor.
[02.08.2010] - Vendor confirms vulnerability.
[04.08.2010] - Vendor releases version 2.1.2 to address this issue.
[04.08.2010] - Public advisory released.


Zero Science Lab Advisory ID: ZSL-2010-4947
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4947.php


Vulnerability Discovered By: Gjoko 'LiquidWorm' Krstic
liquidworm gmail com

Zero Science Lab
http://www.zeroscience.mk

02.08.2010



Proof Of Concept:

http://192.168.17.19/music_out.php?p=29%27%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://192.168.17.19/music_out.php?p=%27%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
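
A defender-side check for the issue described in this advisory, as an added example that is not part of the original advisory or the vendor's code: it scans web access logs for requests to music_out.php whose "p" value carries HTML metacharacters. The log lines are constructed (the two flagged URLs reuse the query strings from the Proof Of Concept above), and treating "p" as a numeric identifier is an assumption, as are the function and variable names.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Common Log Format); not from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [04/Aug/2010:10:01:02 +0200] "GET /music_out.php?p=29 HTTP/1.1" 200 5120
10.0.0.7 - - [04/Aug/2010:10:02:10 +0200] "GET /music_out.php?p=29%27%3Cscript%3Ealert%28document.cookie%29%3C/script%3E HTTP/1.1" 200 5244
10.0.0.7 - - [04/Aug/2010:10:02:30 +0200] "GET /music_out.php?p=%27%3Cscript%3Ealert%28document.cookie%29%3C/script%3E HTTP/1.1" 200 5201
10.0.0.8 - - [04/Aug/2010:10:02:45 +0200] "GET /music_out.php?p=abc HTTP/1.1" 200 4800
10.0.0.9 - - [04/Aug/2010:10:03:00 +0200] "GET /index.php?p=%3Cb%3E HTTP/1.1" 200 900
"""

# Client address and request target from a Common Log Format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# Characters that let a value break out of an HTML text or attribute context.
MARKUP_RE = re.compile(r"[<>\"']")

def suspicious_requests(log_text, script="/music_out.php", param="p"):
    """Return (client, decoded value, reason) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if url.path != script:
            continue  # only the script named in the advisory is inspected
        # parse_qs percent-decodes each value once before it is checked.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if MARKUP_RE.search(value):
                hits.append((client, value, "markup characters"))
            elif not value.isdigit():  # assumption: "p" is a numeric identifier
                hits.append((client, value, "non-numeric value"))
    return hits

if __name__ == "__main__":
    for client, value, reason in suspicious_requests(SAMPLE_LOG):
        print(f"{client}\t{reason}\t{value!r}")
```

Log matching of this kind only surfaces attempts; the fix is the vendor's 2.1.2 release noted in the timeline above.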






http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4947.php