lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050729042254.14702.qmail@web70512.mail.krs.yahoo.com> Date: Fri Jul 29 05:23:04 2005 From: saintlinu at yahoo.co.kr (Park Gyutae) Subject: nProtect solutions arbitrary file download and execute vulnerability -------------------------------------------------------------------------------------------------------- Title: nProtect:Netizen arbitrary file download and execute vulnerability nProtectPersonal Web Service arbitrary file download and execute vulnerability Discoverer: PARK, GYU TAE (saintlinu@...l2root.org) Neo Advisory No.: NRVA05-04 NRVA05-05 Critical: High critical Impact: Gain remote user's privilige Where: From remote Operating System: Windows Only Solution: Patched Notice: 07. 01. 2005 initiate notify 07. 04. 2005 Second notify 07. 26. 2005 Patched 07. 29. 2005 Disclosure vulnerability Description: The nProtect:Netizen and nProtectPersonal Web Service are an antivirus solutions. It defends user from Internet about well-known hack tools and viruses something When it need update and patch itself then download from web site such as update.nprotect.net that time nProtect update program, npdownv.exe, DO NOT CHECK THAT update site URL!!! We can change URL, update configuration file and so on But npdownv.exe DO CHECK files that downloaded from update site compressed WITH PASSWORD!!! this means npdownv.exe already known password for decompress I found password in npdownv.exe by REVERSE ENGINEEGERING and Neo modified liveup.haz, configuration file When user accees the phishing page then downloaded trojan from hacker URL See following detail describe: EXPLOIT NOT INCLUDED HERE Related link: http://www.nprotect.co.kr/service/nProtectPersonal/nprotect/npos/kor/personal_npos.html -------------------------------------------------------------------------------------------------------- Special thanks for My best group Null@...t. PS. I'm very sorry for poor my konglish __________________________________________________ ? ? ??!? ????? ?????? ??! ??? ?? ?? ??? ??? ????? http://mail.yahoo.co.kr -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050729/97f6554c/attachment.html
Powered by blists - more mailing lists