Microsoft Windows NTDLL.DLL RtlDosPathNameToNtPathName_U API Function Input Validation Vulnerability

Vulnerability ID: 1110256
Vulnerability type: Design error
Published: 2006-05-10
Updated: 2006-05-12
CVE ID: CVE-2006-2334
CNNVD-ID: CNNVD-200605-189
Platform: Windows
CVSS score: 2.1
|Vulnerability source
https://www.exploit-db.com/exploits/27851
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-189
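|Vulnerability details
The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL on Microsoft Windows 2000 SP4 and XP SP2 does not correctly convert DOS-style paths to NT-style paths. A context-dependent attacker can create files that cannot be accessed through the expected DOS path, or prevent access to other similarly named files in the same directory, which stops some antivirus or antispyware software from detecting or removing those files.
|Exploit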
source: http://www.securityfocus.com/bid/17934/info

Microsoft Windows is susceptible to a path-conversion weakness that may allow attackers to bypass security applications. This issue occurs because the operating system uses multiple differing algorithms to resolve file paths.

Attackers may exploit this issue to bypass security software such as antivirus and antispyware products. Other attacks may also be possible.

Any software using the affected function (or APIs and other functions that in turn use the affected function) may be affected by this issue. Specific information regarding affected software and versions is known to be incomplete and possibly inaccurate. This BID will be updated as further information is disclosed.

echo X5O!P%@AP[4\PZX54(P^^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*>"\\?\C:\malware.exe "
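
The check below is an added example, not part of the original advisory or exploit: it audits a list of on-disk file names for entries that a normalizing Win32 path lookup cannot reach, such as the trailing-space name used above. It assumes the documented Win32 rule that trailing spaces and periods are dropped from the final path component unless the path uses the \\?\ prefix; the function names and the sample listing are constructed for illustration.

```python
# Added example (not from the advisory): audit a directory listing for names
# that a normalizing Win32 lookup would rewrite.

# Constructed sample: names exactly as stored on disk, e.g. taken from a
# listing made through the \\?\ prefix. Not real data.
SAMPLE_LISTING = ["report.doc", "malware.exe ", "malware.exe",
                  "notes.txt.", "readme.txt"]

def win32_normalize(name):
    # Assumption: normalization removes trailing spaces and periods from the
    # final path component (documented Win32 file naming behaviour).
    return name.rstrip(" .")

def literal_path(directory, name):
    # The \\?\ prefix asks Win32 to pass the path through without that
    # normalization, so a scanner can open the name exactly as stored.
    return "\\\\?\\" + directory.rstrip("\\") + "\\" + name

def audit_directory(raw_names):
    # Returns (stored_name, finding, normalized_name) for every entry whose
    # stored name differs from what a normalizing lookup would request.
    # Name comparison is case-insensitive, as on a default NTFS volume.
    present = {n.lower() for n in raw_names}
    findings = []
    for name in raw_names:
        if name in (".", ".."):          # directory self/parent entries
            continue
        norm = win32_normalize(name)
        if norm == name:
            continue                     # reachable through the DOS path
        if norm.lower() in present:
            # A scanner given the DOS path inspects the sibling instead.
            findings.append((name, "collides", norm))
        else:
            # The DOS path points at a name that does not exist.
            findings.append((name, "unreachable", norm))
    return findings

if __name__ == "__main__":
    for stored, finding, norm in audit_directory(SAMPLE_LISTING):
        print(repr(stored), finding, "normalized:", repr(norm),
              "open as:", literal_path("C:\\", stored))
```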
|References

Source: BID
Name: 17934
Link: http://www.securityfocus.com/bid/17934
Source: BUGTRAQ
Name: 20060509 [48Bits.com Advisory] Path conversion design flaw in Microsoft NTDLL
Link: http://www.securityfocus.com/archive/1/archive/1/433583/100/0/threaded
Source: MISC
Link: http://www.48bits.com/advisories/rtldospath.pdf
Source: XF
Name: win-ntdll-path-conversion(26487)
Link: http://xforce.iss.net/xforce/xfdb/26487
Source: OSVDB
Name: 25761
Link: http://www.osvdb.org/25761