lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 9 Jul 2012 10:07:12 -0400 From: Григорий Братислава <musntlive@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Remote Exploit in Words With Friends Hello is full disclosure!! !! !! Is like to warn you about remote vulnerability is "Words With Friends" ----------------------------- Advisory: Words With Friends is played by millions of people. Attack is grant remote access to is player machine. Full control ----------------------------- URL:http://tinyurl.com/wordsisfriends ----------------------------- Affected products: All is Apple products that is allow Words With Friends. ----------------------------- Timeline: 01.07.1997 - Hong Kong returned to China 01.01.1998 - Richard Bejtlich first to discover and make term APT 02.01.1998 - Richard Bejtlich is made Captain of USAF CERT 03.07.2007 - GE is bamboozled is to think APT is after them 15.03.2011 - GE subordinates is so happy no more APT paranoia after April 01.04.2011 - Mandiant is next company to be APT bamboozled ----------------------------- Details: Words With Friends players is play game to make words and get points. Musntlive is discover remote vulnerability in game. ----------------------------- PoC Code: %68%74%74%70%3a%2f%2f%77%77%77%2e%6c%65%78%69%63%61 %6c%77%6f%72%64%66%69%6e%64%65%72%2e%63%6f%6d%2f%3f %67%61%6d%65%3d%57%a%6f%72%64%73%5f%57%69%74%68%5f %46%72%69%65%6e%64%73%26%6c%61%79%6f%75%74%3d%31%26 %74%69%6c%65%73%3d%25%32%30%26%62%6f%61%a%72%64%3d% 2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d% 2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d% 2d%2d%2d%a%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d %2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d %2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%a%2d%2d%2d%77%2d%2d %2d%2d%2d%2d%2d%2d%2d%2d%6d%2d%2d%2d%61%2d%2d%2d%2d %2d%2d%2d%2d%2d%76%75%6c%6e%65%72%61%62%69%6c%69%74 %a%79%2d%2d%2d%73%2d%2d%2d%6e%2d%2d%73%2d%2d%2d%6f %2d%2d%2d%74%2d%2d%2d%2d%2d%2d%2d%61%62%6f%75%74%2d %2d%2d%2d%2d%2d%2d%2d%a%2d%2d%2d%2d%2d%2d%2d%2d%2d %2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%6d%6f%76 %25%32%30%64%78%25%32%30%61%78%25%32%30%25%a%32%30 %2d%2d%2d%2d%6d%6f%76%2d%64%6c%25%32%30%63%6c%25%32 %30%25%32%30%2d%2d%2d%2d%70%6f%70%2d%65%73%2d%2d%2d %2d%2d%2d%2d ----------------------------- Live exploit http://tinyurl.com/wordsisfriends Best regards & is wishes, MusntLive Administrator of Internet Security _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists