[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CADYtyvKYyv74KFKbjhwA90qykafjrn-mzyN1yu-nt2eG2SZSTA@mail.gmail.com>
Date: Mon, 9 Jul 2012 10:07:12 -0400
From: Григорий Братислава <musntlive@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Remote Exploit in Words With Friends
Hello is full disclosure!! !! !!
Is like to warn you about remote vulnerability is "Words With Friends"
-----------------------------
Advisory: Words With Friends is played by millions of people. Attack
is grant remote access to is player machine. Full control
-----------------------------
URL:http://tinyurl.com/wordsisfriends
-----------------------------
Affected products: All is Apple products that is allow Words With Friends.
-----------------------------
Timeline:
01.07.1997 - Hong Kong returned to China
01.01.1998 - Richard Bejtlich first to discover and make term APT
02.01.1998 - Richard Bejtlich is made Captain of USAF CERT
03.07.2007 - GE is bamboozled is to think APT is after them
15.03.2011 - GE subordinates is so happy no more APT paranoia after April
01.04.2011 - Mandiant is next company to be APT bamboozled
-----------------------------
Details:
Words With Friends players is play game to make words and get points.
Musntlive is discover remote vulnerability in game.
-----------------------------
PoC Code:
%68%74%74%70%3a%2f%2f%77%77%77%2e%6c%65%78%69%63%61
%6c%77%6f%72%64%66%69%6e%64%65%72%2e%63%6f%6d%2f%3f
%67%61%6d%65%3d%57%a%6f%72%64%73%5f%57%69%74%68%5f
%46%72%69%65%6e%64%73%26%6c%61%79%6f%75%74%3d%31%26
%74%69%6c%65%73%3d%25%32%30%26%62%6f%61%a%72%64%3d%
2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%
2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%
2d%2d%2d%a%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d
%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d
%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%a%2d%2d%2d%77%2d%2d
%2d%2d%2d%2d%2d%2d%2d%2d%6d%2d%2d%2d%61%2d%2d%2d%2d
%2d%2d%2d%2d%2d%76%75%6c%6e%65%72%61%62%69%6c%69%74
%a%79%2d%2d%2d%73%2d%2d%2d%6e%2d%2d%73%2d%2d%2d%6f
%2d%2d%2d%74%2d%2d%2d%2d%2d%2d%2d%61%62%6f%75%74%2d
%2d%2d%2d%2d%2d%2d%2d%a%2d%2d%2d%2d%2d%2d%2d%2d%2d
%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%6d%6f%76
%25%32%30%64%78%25%32%30%61%78%25%32%30%25%a%32%30
%2d%2d%2d%2d%6d%6f%76%2d%64%6c%25%32%30%63%6c%25%32
%30%25%32%30%2d%2d%2d%2d%70%6f%70%2d%65%73%2d%2d%2d
%2d%2d%2d%2d
-----------------------------
Live exploit
http://tinyurl.com/wordsisfriends
Best regards & is wishes,
MusntLive
Administrator of Internet Security
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists