lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 27 Mar 2007 12:29:56 +0800
From: "Alex Park" <saintlinu@...il.com>
To: "Secunia Research" <vuln@...unia.com>, full-disclosure@...ts.grok.org.uk, 
	bugtraq@...urityfocus.com
Subject: SignKorea's ActiveX Buffer Overflow Vulnerability

Title: SignKorea's ActiveX Buffer Overflow Vulnerability

Version: SKCommAX ActiveX Control Module 7,2,0,2
         SKCommAX ActiveX Control Module(3280) 6,6,0,1

Discoverer: PARK, GYU TAE (saintlinu@...l2root.org)

Advisory No.: NRVA07-01

Critical: High critical

Impact: Gain remote user's privilege

Where: From remote

Operating System: Windows Only

Test Client System: Windows XP Service Pack 2 in KOREAN (Patched)
                    Windows XP Service Pack 2 in ENGLISH (Patched)

Solution Vendor: SignKorea, KOSCOM

Solution: Patched

Duration of patch: 6 Day(s) - don't ask me about this I don't know exactly

Notice: 17. 03. 2007 Initiate notified KISA(Korea Information Security
Agency)
        21. 03. 2007 Vendor response and confirmed vulnerability
        23. 03. 2007 Patched by vendor
        26. 03. 2007 Public disclosure

Description:

The SKCommAX's ActiveX is common certification solution on the net
If citizen want to use Internet banking, Stock and so on like Online
banking services in Korea
then must be use PKI certification program like this ActiveX.

The SKCommAX's activex has one remote vulnerability (maybe)
If uses HTML file which was crafted by this vulnerability then you'll get
somebody's remote privilege.

See following detail describe:

SKCommAX's activex has DownloadCertificateExt() function. this function
requests two arguments(pszUserID and CertType).
This function didn't check pszUserID argument whether it's correct or not.
It's a pretty simple buffer overflow even Windows Environment.

EXPLOIT NOT INCLUDED HERE

You don't need exploit written by me bcoz you already known that


Greet: Null@...t Group, BugTruck Mailling and Information Security Team in
NCSoft.
-- 
Make Our Internet Secure With H4ck3rz

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ