This is a multi-part message in MIME format.
------=_NextPart_000_002E_01C53C57.7A3E6D20
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
||=20
|| [ISR] =20
|| Infobyte Security Research=20
|| www.infobyte.com.ar
|| 04.08.2005=20
||
.:: SUMMARY
ISS - Internet Security Systems, RealSecure Desktop and BlackICE PC =
Protection
Format String
Version: BlackIce 7.0.322, It is suspected that all previous versions of =
BlackIce
are vulnerable.
.:: BACKGROUND
BlackICE products provide Intrusion Detection, personal firewall, and =
application protection.
http://www.iss.com =20
.:: DESCRIPTION
A local format string vulnerability affect RealSecure Desktop and =
BlackICE PC Protection
This issue is due to a failure of the application to securely copy =
user-supplied data into
field name of rules that user create.
Buffer used: AAAA%n%n%n%n
Information of Registers:
EAX 41414141
ECX 00000004
EDX 00000200
EBX 0000006E
ESP 0012E578
EBP 0012E7D0
ESI 0012E82A ASCII "%n, "
EDI 00000800
EIP 7800FB05 MSVCRT.7800FB05
C 0 ES 0023 32bit 0(FFFFFFFF)
P 1 CS 001B 32bit 0(FFFFFFFF)
A 0 SS 0023 32bit 0(FFFFFFFF)
Z 1 DS 0023 32bit 0(FFFFFFFF)
S 0 FS 0038 32bit 7FFDE000(FFF)
T 0 GS 0000 NULL
D 0
O 0 LastErr ERROR_ALREADY_EXISTS (000000B7)
EFL 00010246 (NO,NB,E,BE,NS,PE,GE,LE)
ST0 empty -NAN FFFF FFF8FCF8 FFF8FCF8
ST1 empty -??? FFFF 00000000 00000000
ST2 empty -??? FFFF 00FE00F7 00FB00F7
ST3 empty -??? FFFF 00FE00F7 00FB00F7
ST4 empty -NAN FFFF FFF8FCF8 FFF8FCF8
ST5 empty -??? FFFF 00FF00F8 00FC00F8
ST6 empty -??? FFFF 00000000 00000000
ST7 empty -??? FFFF 00800080 00800080
3 2 1 0 E S P U O Z D I
FST 0000 Cond 0 0 0 0 Err 0 0 0 0 0 0 0 0 (GT)
FCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1
.:: EXTRA
We did not find any way to gain additional privileges
.:: DISCLOSURE TIMELINE
03/22/2005 Initial vendor notification
03/25/2005 Initial vendor response
04/08/2005 Public disclosure
.:: CREDIT
Francisco Amato is credited with discovering this vulnerability.
famato][at][infobyte][dot][com][dot][ar
.:: LEGAL NOTICES
Copyright (c) 2005 by [ISR] Infobyte Security Research.
Permission to redistribute this alert electronically is granted as long =
as it is not=20
edited in any way unless authorized by Infobyte Security Research =
Response.=20
Reprinting the whole or part of this alert in any medium other than =
electronically=20
requires permission from infobyte com ar
Disclaimer
The information in the advisory is believed to be accurate at the time =
of publishing=20
based on currently available information. Use of the information =
constitutes acceptance=20
for use in an AS IS condition. There are no warranties with regard to =
this information.=20
Neither the author nor the publisher accepts any liability for any =
direct, indirect, or=20
consequential loss or damage arising from use of, or reliance on, this =
information.
------=_NextPart_000_002E_01C53C57.7A3E6D20
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
||=20
|| [ISR] =20
|| Infobyte Security Research=20
|| www.infobyte.com.ar
|| 04.08.2005=20
||
.:: SUMMARY
ISS - Internet Security Systems, RealSecure Desktop and BlackICE PC =
Protection
Format String
Version: BlackIce 7.0.322, It is suspected that all previous versions of =
BlackIce
are vulnerable.
.:: BACKGROUND
BlackICE products provide Intrusion Detection, personal firewall, and =
application protection.
http://www.iss.com =20
.:: DESCRIPTION
A local format string vulnerability affect RealSecure Desktop and =
BlackICE PC Protection
This issue is due to a failure of the application to securely copy =
user-supplied data into
field name of rules that user create.
Buffer used: AAAA%n%n%n%n
Information of Registers:
EAX 41414141
ECX 00000004
EDX 00000200
EBX 0000006E
ESP 0012E578
EBP 0012E7D0
ESI 0012E82A ASCII "%n, "
EDI 00000800
EIP 7800FB05 MSVCRT.7800FB05
C 0 ES 0023 32bit 0(FFFFFFFF)
P 1 CS 001B 32bit 0(FFFFFFFF)
A 0 SS 0023 32bit 0(FFFFFFFF)
Z 1 DS 0023 32bit 0(FFFFFFFF)
S 0 FS 0038 32bit 7FFDE000(FFF)
T 0 GS 0000 NULL
D 0
O 0 LastErr ERROR_ALREADY_EXISTS (000000B7)
EFL 00010246 (NO,NB,E,BE,NS,PE,GE,LE)
ST0 empty -NAN FFFF FFF8FCF8 FFF8FCF8
ST1 empty -??? FFFF 00000000 00000000
ST2 empty -??? FFFF 00FE00F7 00FB00F7
ST3 empty -??? FFFF 00FE00F7 00FB00F7
ST4 empty -NAN FFFF FFF8FCF8 FFF8FCF8
ST5 empty -??? FFFF 00FF00F8 00FC00F8
ST6 empty -??? FFFF 00000000 00000000
ST7 empty -??? FFFF 00800080 00800080
3 2 1 0 E S P U O Z D I
FST 0000 Cond 0 0 0 0 Err 0 0 0 0 0 0 0 0 (GT)
FCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1
.:: EXTRA
We did not find any way to gain additional privileges
.:: DISCLOSURE TIMELINE
03/22/2005 Initial vendor notification
03/25/2005 Initial vendor response
04/08/2005 Public disclosure
.:: CREDIT
Francisco Amato is credited with discovering this vulnerability.
famato][at][infobyte][dot][com][dot][ar
.:: LEGAL NOTICES
Copyright (c) 2005 by [ISR] Infobyte Security Research.
Permission to redistribute this alert electronically is granted as long =
as it is not=20
edited in any way unless authorized by Infobyte Security Research =
Response.=20
Reprinting the whole or part of this alert in any medium other than =
electronically=20
requires permission from infobyte com ar
Disclaimer
The information in the advisory is believed to be accurate at the time =
of publishing=20
based on currently available information. Use of the information =
constitutes acceptance=20
for use in an AS IS condition. There are no warranties with regard to =
this information.=20
Neither the author nor the publisher accepts any liability for any =
direct, indirect, or=20
consequential loss or damage arising from use of, or reliance on, this =
information.
------=_NextPart_000_002E_01C53C57.7A3E6D20--