https://www.exploit-db.com/exploits/38384
Avast! AntiVirus - X.509 Error Rendering Command Execution






漏洞ID | 1066468 | 漏洞类型 | |
发布时间 | 2015-10-02 | 更新时间 | 2015-10-02 |
![]() |
N/A | ![]() |
N/A |
漏洞平台 | Windows | CVSS评分 | N/A |
|漏洞来源
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Source: https://code.google.com/p/google-security-research/issues/detail?id=546
Avast will render the commonName of X.509 certificates into an HTMLLayout frame when your MITM proxy detects a bad signature. Unbelievably, this means CN="<h1>really?!?!?</h1>" actually works, and is pretty simple to convert into remote code execution.
To verify this bug, I've attached a demo certificate for you. Please find attached key.pem, cert.pem and cert.der. Run this command to serve it from a machine with openssl:
$ sudo openssl s_server -key key.pem -cert cert.pem -accept 443
Then visit that https server from a machine with Avast installed. Click the message that appears to demonstrate launching calc.exe.
Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/38384.zip
检索漏洞
开始时间
结束时间