Returnil Virtual System 2008 - Password Disclosure Issue

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052687 漏洞类型
发布时间 2008-06-17 更新时间 2008-06-17
漏洞平台 N/A CVSS评分 N/A
Returnil Virtual System 2008 - Password Disclosure Issue

-===[ Vulnerable ]============================================-
Product: Returnil Virtual System 2008
[+] Personal Edition Final
[+] Premium Edition Final
Found on: Tuesday May 6, 2008
Discovered by: fRoGGz [SecuBox Labs]

-===[ Background ]============================================-
The Returnil Virtual System is a powerful virtualization 
technology that completely mirrors your actual computer 
setup. The RVS provides an altogether different and highly 
complimentary level of defense. It's designed to protect 
your computer from all types of software, downloads, 
websites that might harbor viruses, spyware and other 
malicious programs. Returnil virtualization technology 
clones a computer's System Partition and boots the PC into 
this system rather than native Windows, allowing users to 
run your applications in a completely isolated environment.

-===[ Description ]===========================================-
Like many software, configuration access is password protected.
RVSYSTEM.DAT is an encrypted file that contains this config.
But the problem is that the password is decrypted in a static 
memory area BEFORE the user has even identified himself.

Hackers could copy the .dat file or directly grab the plaintext 
password in memory at offset 0x00B0F3A9 then modify the config 
(ex: add a backdoor or keylogger, ...). Of course on every 
future reboot, computer will start with this evil config.

Quote: A private recovery tool have been coded for RVS.

Vendor have NOT been notified, it's a minor problem.