Multiple Debugger Vendor Malicious Code Execution Vulnerability
BID:13104
Info
Multiple Debugger Vendor Malicious Code Execution Vulnerability
| Bugtraq ID: | 13104 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 11 2005 12:00AM |
| Updated: | Apr 11 2005 12:00AM |
| Credit: | "Brett Moore" <[email protected]> is credited with the disclosure of this vulnerability. |
| Vulnerable: |
OllyDbg OllyDbg 1.10 OllyDbg OllyDbg 1.0 9 OllyDbg OllyDbg 1.0 8b OllyDbg OllyDbg 1.0 6 Microsoft WinDbg Microsoft Visual C++ 7.0 Microsoft Visual C++ 6.0 SP5 Microsoft Visual C++ 6.0 SP4 Microsoft Visual C++ 6.0 SP3 Microsoft Visual C++ 6.0 SP2 Microsoft Visual C++ 6.0 SP1 Microsoft Visual C++ 6.0 Microsoft Visual C++ 4.0 |
| Not Vulnerable: | |
Discussion
Multiple Debugger Vendor Malicious Code Execution Vulnerability
Multiple debugger vendors are reported prone to a malicious code execution vulnerability. This vulnerability is due to a failure of the affected applications to properly ensure that the examined code is run in a contained environment.
When an unsuspecting user attempts to debug the attacker-supplied executable, the malicious code from the included library will be run in the context of the debugger prior to the intended time, and in an uncontrolled manner.
This vulnerability allows remote attackers to execute arbitrary machine code in the context of an affected debugger application. Due to the expected safe nature of debugging applications, potentially very cautious users may fall victim to this vulnerability.
OllyDbg, WinDbg, and Microsoft Visual C++ Debuggers are all reported susceptible to this vulnerability. Other debuggers are also likely affected, as the underlying operating system design makes it very difficult to avoid this vulnerability.
Multiple debugger vendors are reported prone to a malicious code execution vulnerability. This vulnerability is due to a failure of the affected applications to properly ensure that the examined code is run in a contained environment.
When an unsuspecting user attempts to debug the attacker-supplied executable, the malicious code from the included library will be run in the context of the debugger prior to the intended time, and in an uncontrolled manner.
This vulnerability allows remote attackers to execute arbitrary machine code in the context of an affected debugger application. Due to the expected safe nature of debugging applications, potentially very cautious users may fall victim to this vulnerability.
OllyDbg, WinDbg, and Microsoft Visual C++ Debuggers are all reported susceptible to this vulnerability. Other debuggers are also likely affected, as the underlying operating system design makes it very difficult to avoid this vulnerability.
Exploit / POC
Multiple Debugger Vendor Malicious Code Execution Vulnerability
Example exploitation code is included in the referenced whitepaper.
Example exploitation code is included in the referenced whitepaper.
Solution / Fix
Multiple Debugger Vendor Malicious Code Execution Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Multiple Debugger Vendor Malicious Code Execution Vulnerability
References:
References:
- Bugger The Debugger - Pre Interaction Debugger Code Execution ("Brett Moore"
- Debugging Tools for Windows (Microsoft)
- OllyDbg Homepage (OllyDbg)
- [WHITEPAPER] Bugger The Debugger ("Brett Moore"