Buffer overflow vulnerability in Acunetix scanner allows hacking the noobs who attack your website

Danor Cohen, a security researcher who recently discovered the 'WinRAR file spoofing vulnerability', has discovered one more zero-day vulnerability. This time it is a buffer overflow vulnerability in 'Acunetix', one of the popular web application vulnerability scanners.

Acunetix has a feature that lets it scan the additional domains or subdomains detected during a scan.

"It learns about the external related domains from the external sources that appear at the scanned website, for example: <a href=http://externalSource.com/ ></a>"

Danor found that if the 'external' source URL's length is larger than 268 bytes, the Acunetix vulnerability scanner will crash.

For example:
 <A href="http://AAAAAAAAAAAAAAAAAAAAAAAAAA...........AAAAA">

The researcher managed to exploit this vulnerability and successfully launched an executable file (calc.exe). By modifying the code, one can infect with malware the computers of newbies who attempt to scan their websites.

More technical details are available at his blog post.


*Update*:
Acunetix says this vulnerability affects only the illegitimate (cracked) copies of Acunetix WVS.

"The blogger seems to have managed to pull his exploit by using a cracked version of v8. The cracked version, probably required the replacement of the official executable with a vulnerable one." Acunetix says.

"Once again we want to re-assure all users of legitimate installations of Acunetix WVS that they are in no danger, and are not affected by this at all"

GOM Media Player v. 2.1.37 vulnerable to Buffer Overflow Attack

Security researcher Ucha Gobejishvili (longrifle0x), Vulnerability Lab, discovered a buffer overflow vulnerability in the GOM Media Player application. Version 2.1.37 was found to be vulnerable to this attack.

Buffer overflow:
         An app is said to be vulnerable to a buffer overflow when it allows attackers to store data in a buffer beyond the size allocated for it. By successfully exploiting the vulnerability, an attacker can run arbitrary code.

The researcher claimed the vulnerability can be exploited by local and remote attackers. The researcher estimated this vulnerability's risk as high.

POC:
1) Download & open the software client
2) Click open ==> Url..
3) Put in the vulnerability code
4) Now you will see the result

Microsoft Office 2007 Excel .xlb Vulnerable to Buffer Overflow Attack


This Metasploit module exploits a vulnerability found in Excel of Microsoft Office 2007. By supplying a malformed .xlb file, an attacker can control the content (source) of a memcpy routine, and the number of bytes to copy, therefore causing a stack-based buffer overflow. This results in arbitrary code execution under the context of the user.
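
The bug class described above, shown from the defender's side as an added example (not code from the Metasploit module, from Excel, or from the original post): a length-prefixed record is copied into a fixed stack buffer only after the file-supplied length has been checked against both the input and the destination. The record layout, `FIELD_MAX` and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64 /* hypothetical size of the fixed stack buffer */

enum { FIELD_OK = 0, FIELD_TRUNCATED = -1, FIELD_TOO_LARGE = -2 };

/* Constructed record layout (an assumption, not the real .xlb format):
 *   bytes 0-1: payload length, little-endian; bytes 2..: payload.
 * The unchecked pattern is memcpy(dst, rec + 2, len) with len taken straight
 * from the file. read_field() validates len against both buffers first. */
static int read_field(const uint8_t *rec, size_t rec_len,
                      uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    if (rec_len < 2)
        return FIELD_TRUNCATED;            /* no room for the length field */
    size_t len = (size_t)rec[0] | ((size_t)rec[1] << 8);
    if (len > rec_len - 2)
        return FIELD_TRUNCATED;            /* copy would read past the input */
    if (len > dst_cap)
        return FIELD_TOO_LARGE;            /* copy would write past dst */
    memcpy(dst, rec + 2, len);
    *out_len = len;
    return FIELD_OK;
}

/* Parses one record into a stack buffer; returns payload length or an error. */
static int parse_record(const uint8_t *rec, size_t rec_len)
{
    uint8_t field[FIELD_MAX];
    size_t n = 0;
    int st = read_field(rec, rec_len, field, sizeof field, &n);
    return st == FIELD_OK ? (int)n : st;
}

int main(void)
{
    /* Constructed inputs: a valid record, an oversized one, a truncated one. */
    static const uint8_t ok[] = { 3, 0, 'a', 'b', 'c' };
    static uint8_t big[2 + 512] = { 0x00, 0x02 };     /* declares 512 bytes */
    static const uint8_t cut[] = { 0x10, 0x00, 'a' }; /* declares 16, has 1 */
    printf("ok=%d big=%d cut=%d\n", parse_record(ok, sizeof ok),
           parse_record(big, sizeof big), parse_record(cut, sizeof cut));
    return 0;
}
```

Rejecting the record outright, rather than clamping the length, keeps a malformed file from being half-parsed further down.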

Discovered by :
Aniway
Abyssec
sinn3r
juan vazquez

Reference taken from :
CVE-2011-0105
OSVDB 71765
MSB MS11-021

Platform: Windows
Targets:
Win XP SP3 (Vista and 7 will try to repair the file)
Microsoft Office Excel 2007 on Windows XP
Microsoft Office Excel 2007 SP2 on Windows XP




source:
snypter