Document Title: =============== Firefox 3.6.3 & Safari 4.0.5 - Denial of Service Vulnerability Date: ===== 2011-06-16 References: =========== http://www.vulnerability-lab.com/get_content.php?id=186 VL-ID: ===== 186 Common Vulnerability Scoring System: ==================================== 3 Introduction: ============= Safari ist ein Browser, eine Plattform und eine offene Einladung, innovativ zu sein. Ob auf einem Mac, einem PC, einem iPhone oder einem iPod touch, Safari überschreitet die Möglichkeiten des Internet und überzeugt durch erstklassigen Benutzerkomfort. Safari 4 ist in englischer Sprache verfügbar. (Copy of the Vendor Homepage: http://www.apple.com) Mit Sicherheit, Stabilität, Geschwindigkeit und vielem mehr ist Firefox wie geschaffen für Ihre Art und Weise, das Internet zu nutzen. Mozilla Firefox ist einer der berühmtesten & meist genutzten Webbrowser im Internet. (Copy of the Vendor Homepage: http://www.mozilla.com) Abstract: ========= Vulnerability-Lab Team discovered a remote denial of service vulnerability on Safari v4.0.5 & Mozilla Forefox 3.6.3 browsers. The remote denial of service vulnerability can lead to different unhandled appcrashs & .dll error exceptions. Report-Timeline: ================ 2011-06-18: Public Disclosure Status: ======== Published Affected Products: ================== Exploitation-Technique: ======================= Remote Severity: ========= Medium Details: ======== A denial of service vulnerability is detected on Safari 5.0.4. The vulnerability allows an attacker to form special crafted links to crash the browser on the remote way. The problem is a string to char convert on the javascriptcore.dll of the safari browser of apple. Victim need ot open a manipulated file via url request for exploitation. Works on Iphone, IPad & the standard MacOS or iOS Systems with Browser. Vulnerable Module(s): [+] JavaScriptCore.dll --- Exception & Error Logs --- Version=1 EventType=APPCRASH EventTime=129185239482901809 ReportType=2 Consent=1 UploadTime=129185239485841977 ReportIdentifier=b33c3844-613d-11df-ae0c-cc0b09ad14de IntegratorReportIdentifier=b33c3843-613d-11df-ae0c-cc0b09ad14de WOW64=1 Response.BucketId=1754424409 Response.BucketTable=1 Response.type=4 Sig[0].Name=Anwendungsname Sig[0].Value=Safari.exe Sig[1].Name=Anwendungsversion Sig[1].Value=5.31.22.7 Sig[2].Name=Anwendungszeitstempel Sig[2].Value=4b8f94fa Sig[3].Name=Fehlermodulname Sig[3].Value=JavaScriptCore.dll Sig[4].Name=Fehlermodulversion Sig[4].Value=5.31.22.5 Sig[5].Name=Fehlermodulzeitstempel Sig[5].Value=4b8cb88c Sig[6].Name=Ausnahmecode Sig[6].Value=c0000005 Sig[7].Name=Ausnahmeoffset Sig[7].Value=0008b267 DynamicSig[1].Name=Betriebsystemversion DynamicSig[1].Value=6.1.7600.2.0.0.768.3 DynamicSig[2].Name=Gebietsschema-ID DynamicSig[2].Value=1031 DynamicSig[22].Name=Zusatzinformation 1 DynamicSig[22].Value=0a9e DynamicSig[23].Name=Zusatzinformation 2 DynamicSig[23].Value=0a9e372d3b4ad19135b953a78882e789 DynamicSig[24].Name=Zusatzinformation 3 DynamicSig[24].Value=0a9e DynamicSig[25].Name=Zusatzinformation 4 DynamicSig[25].Value=0a9e372d3b4ad19135b953a78882e789 UI[2]=C://Program Files (x86)//Safari//Safari.exe UI[3]=Safari funktioniert nicht mehr UI[4]=Windows kann online nach einer Lösung für das Problem suchen. UI[5]=Online nach einer Lösung suchen und das Programm schließen UI[6]=Später online nach einer Lösung suchen und das Programm schließen UI[7]=Programm schließen LoadedModule[0]=C://Program Files (x86)//Safari//Safari.exe LoadedModule[1]=C://Windows//SysWOW64//ntdll.dll LoadedModule[2]=C://Windows//syswow64//kernel32.dll LoadedModule[3]=C://Windows//syswow64//KERNELBASE.dll LoadedModule[4]=C://Windows//syswow64//SHLWAPI.dll LoadedModule[5]=C://Windows//syswow64//GDI32.dll LoadedModule[6]=C://Windows//syswow64//USER32.dll LoadedModule[7]=C://Windows//syswow64//ADVAPI32.dll LoadedModule[8]=C://Windows//syswow64//msvcrt.dll LoadedModule[9]=C://Windows//SysWOW64//sechost.dll LoadedModule[10]=C://Windows//syswow64//RPCRT4.dll LoadedModule[11]=C://Windows//syswow64//SspiCli.dll LoadedModule[12]=C://Windows//syswow64//CRYPTBASE.dll LoadedModule[13]=C://Windows//syswow64//LPK.dll LoadedModule[14]=C://Windows//syswow64//USP10.dll LoadedModule[15]=C://Windows//WinSxS//x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5//MSVCR80.dll LoadedModule[16]=C://Windows//system32//IMM32.DLL LoadedModule[17]=C://Windows//syswow64//MSCTF.dll LoadedModule[18]=C://Windows//syswow64//ole32.dll LoadedModule[19]=C://Program Files (x86)//Common Files//Apple//Apple Application Support//AppleVersions.dll LoadedModule[20]=C://Windows//system32//VERSION.dll LoadedModule[21]=C://Program Files (x86)//Safari//Safari.dll LoadedModule[22]=C://Windows//syswow64//SHELL32.dll LoadedModule[23]=C://Program Files (x86)//Common Files//Apple//Apple Application Support//CoreFoundation.dll LoadedModule[24]=C://Windows//syswow64//WS2_32.dll LoadedModule[25]=C://Windows//syswow64//NSI.dll LoadedModule[26]=C://Program Files (x86)//Common Files//Apple//Apple Application Support//pthreadVC2.dll LoadedModule[27]=C://Windows//system32//WSOCK32.dll LoadedModule[28]=C://Program Files (x86)//Common Files//Apple//Apple Application Support//objc.dll LoadedModule[29]=C://Windows//WinSxS//x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5//MSVCP80.dll LoadedModule[30]=C://Program Files (x86)//Common Files//Apple//Apple Application Support//icuin40.dll LoadedModule[31]=C://Program Files (x86)//Common Files//Apple//Apple Application Support//icuuc40.dll LoadedModule[32]=C://Program Files (x86)//Common Files//Apple//Apple Application Support//icudt40.dll LoadedModule[33]=C://Program Files (x86)//Common Files//Apple//Apple Application Support//ASL.dll LoadedModule[34]=C://Program Files (x86)//Common Files//Apple//Apple Application Support//JavaScriptCore.dll LoadedModule[35]=C://Windows//syswow64//OLEAUT32.dll LoadedModule[36]=C://Windows//system32//WINMM.dll LoadedModule[37]=C://Program Files (x86)//Common Files//Apple//Apple Application Support//CFNetwork.dll LoadedModule[38]=C://Windows//syswow64//CRYPT32.dll LoadedModule[39]=C://Windows//syswow64//MSASN1.dll LoadedModule[40]=C://Windows//syswow64//WININET.dll LoadedModule[41]=C://Windows//syswow64//Normaliz.dll LoadedModule[42]=C://Windows//syswow64//urlmon.dll LoadedModule[43]=C://Windows//syswow64//iertutil.dll LoadedModule[44]=C://Program Files (x86)//Common Files//Apple//Apple Application Support//SQLite3.dll LoadedModule[45]=C://Program Files (x86)//Common Files//Apple//Apple Application Support//zlib1.dll LoadedModule[46]=C://Windows//system32//iphlpapi.dll LoadedModule[47]=C://Windows//system32//WINNSI.DLL LoadedModule[48]=C://Program Files (x86)//Common Files//Apple//Apple Application Support//CoreGraphics.dll LoadedModule[49]=C://Program Files (x86)//Common Files//Apple//Apple Application Support//WebKit.dll LoadedModule[50]=C://Program Files (x86)//Common Files//Apple//Apple Application Support//libxml2.dll LoadedModule[51]=C://Program Files (x86)//Safari//SafariTheme.dll LoadedModule[52]=C://Windows//system32//UxTheme.dll LoadedModule[53]=C://Windows//WinSxS//x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc//COMCTL32.dll LoadedModule[54]=C://Program Files (x86)//Common Files//microsoft shared//ink//tiptsf.dll LoadedModule[55]=C://Windows//system32//profapi.dll LoadedModule[56]=C://Windows//system32//dwmapi.dll LoadedModule[57]=C://Windows//syswow64//CLBCatQ.DLL LoadedModule[58]=C://Windows//system32//WindowsCodecs.dll LoadedModule[59]=C://Windows//system32//apphelp.dll LoadedModule[60]=C://Windows//system32//EhStorShell.dll LoadedModule[61]=C://Windows//syswow64//SETUPAPI.dll LoadedModule[62]=C://Windows//syswow64//CFGMGR32.dll LoadedModule[63]=C://Windows//syswow64//DEVOBJ.dll LoadedModule[64]=C://Windows//system32//PROPSYS.dll LoadedModule[65]=C://Windows//system32//ntshrui.dll LoadedModule[66]=C://Windows//system32//srvcli.dll LoadedModule[67]=C://Windows//system32//cscapi.dll LoadedModule[68]=C://Windows//system32//slc.dll LoadedModule[69]=C://Windows//system32//WINSPOOL.DRV LoadedModule[70]=C://Windows//system32//d3d9.dll LoadedModule[71]=C://Windows//system32//d3d8thk.dll LoadedModule[72]=C://Windows//system32//atiumdag.dll LoadedModule[73]=C://Windows//system32//atiumdva.dll LoadedModule[74]=C://Windows//system32//mscms.dll LoadedModule[75]=C://Windows//system32//USERENV.dll LoadedModule[76]=C://Windows//System32//msxml6.dll LoadedModule[77]=C://Windows//system32//Cryptdll.dll LoadedModule[78]=C://Windows//system32//dhcpcsvc6.DLL LoadedModule[79]=C://Windows//system32//dhcpcsvc.DLL LoadedModule[80]=C://Windows//system32//oleacc.dll LoadedModule[81]=C://Windows//system32//CRYPTSP.dll LoadedModule[82]=C://Windows//system32//rsaenh.dll LoadedModule[83]=C://Windows//system32//RpcRtRemote.dll LoadedModule[84]=C://Windows//system32//SXS.DLL LoadedModule[85]=C://Windows//system32//explorerframe.dll LoadedModule[86]=C://Windows//system32//DUser.dll LoadedModule[87]=C://Windows//system32//DUI70.dll LoadedModule[88]=C://Windows//system32//MSIMG32.dll LoadedModule[89]=C://Program Files (x86)//Safari//PubSubDLL.dll LoadedModule[90]=C://Program Files (x86)//Common Files//Apple//Apple Application Support//libtidy.dll LoadedModule[91]=C://Windows//system32//dnsapi.DLL LoadedModule[92]=C://Windows//System32//netprofm.dll LoadedModule[93]=C://Windows//System32//nlaapi.dll LoadedModule[94]=C://Windows//System32//npmproxy.dll LoadedModule[95]=C://Windows//system32//mswsock.dll LoadedModule[96]=C://Windows//System32//wship6.dll LoadedModule[97]=C://Windows//System32//wshtcpip.dll LoadedModule[98]=C://Windows//system32//rasadhlp.dll LoadedModule[99]=C://Windows//System32//fwpuclnt.dll LoadedModule[100]=C://Program Files (x86)//Safari//Search.dll State[0].Key=Transport.DoneStage1 State[0].Value=1 FriendlyEventName=Nicht mehr funktionsfähig ConsentKey=APPCRASH AppName=Safari AppPath=C://Program Files (x86)//Safari//Safari.exe Pictures: ../Safari.png After testing with Safari i tried the older Firefox versions ... and works ... but not as stable corruption ... just as application hang crash whats not really important. --- Crash Signature --- Add-ons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3 BuildID: 20100401080539 CrashTime: 1274047373 EMCheckCompatibility: true FramePoisonBase: 00000000f0de0000 FramePoisonSize: 65536 InstallTime: 1274047353 ProductName: Firefox ReleaseChannel: release StartupTime: 1274047353 Theme: classic/1.0 Throttleable: 1 Vendor: Mozilla Version: 3.6.3 Diese Meldung enthält Informationen über den Status der Anwendung zum Zeitpunkt des Absturzes. Add-ons: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10,sqlime@security.compass:0.4.5,{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5,nl-NL@dictionaries.addons.mozilla.org:2.2.0,xssme@security.compass:0.4.4,{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1,{078fac48-925f-4524-7cfe-85d44b8f4f98}:1.2,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3 BuildID: 20100401080539 CrashTime: 1274048978 EMCheckCompatibility: true FramePoisonBase: 00000000f0de0000 FramePoisonSize: 65536 InstallTime: 1271001297 ProductName: Firefox ReleaseChannel: release SecondsSinceLastCrash: 18961191 StartupTime: 1274048839 Theme: classic/1.0 Throttleable: 1 URL: file:///C:/Users/Pim%20Campers/Desktop/exploit.html Vendor: Mozilla Version: 3.6.3 This report also contains technical information about the state of the application when it crashed. --- Debug Logs --- Version=1 EventType=AppHangB1 EventTime=129185060262769200 ReportType=3 Consent=1 UploadTime=129185060287489643 ReportIdentifier=f8d5f75c-6113-11df-aeb8-f058f4e2ccda IntegratorReportIdentifier=f8d5f75d-6113-11df-aeb8-f058f4e2ccda WOW64=1 Response.BucketId=1079492713 Response.BucketTable=5 Response.type=4 Sig[0].Name=Anwendungsname Sig[0].Value=firefox.exe Sig[1].Name=Anwendungsversion Sig[1].Value=1.9.2.3743 Sig[2].Name=Anwendungszeitstempel Sig[2].Value=4bb4be02 Sig[3].Name=Absturzsignatur Sig[3].Value=d496 Sig[4].Name=Absturztyp Sig[4].Value=0 DynamicSig[1].Name=Betriebsystemversion DynamicSig[1].Value=6.1.7600.2.0.0.768.3 DynamicSig[2].Name=Gebietsschema-ID DynamicSig[2].Value=1031 DynamicSig[22].Name=Zusätzliche Absturzsignatur 1 DynamicSig[22].Value=d496cf6633958b1ae4d8334c2f20f6a8 DynamicSig[23].Name=Zusätzliche Absturzsignatur 2 DynamicSig[23].Value=640f DynamicSig[24].Name=Zusätzliche Absturzsignatur 3 DynamicSig[24].Value=640fd84d363223b27e9ec50b94061313 DynamicSig[25].Name=Zusätzliche Absturzsignatur 4 DynamicSig[25].Value=d496 DynamicSig[26].Name=Zusätzliche Absturzsignatur 5 DynamicSig[26].Value=d496cf6633958b1ae4d8334c2f20f6a8 DynamicSig[27].Name=Zusätzliche Absturzsignatur 6 DynamicSig[27].Value=640f DynamicSig[28].Name=Zusätzliche Absturzsignatur 7 DynamicSig[28].Value=640fd84d363223b27e9ec50b94061313 UI[3]=Firefox reagiert nicht UI[4]=Wenn Sie das Programm schließen, gehen möglicherweise Informationen verloren. UI[5]=Programm schließen UI[6]=Programm schließen UI[7]=Programm schließen LoadedModule[0]=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//firefox//firefox.exe LoadedModule[1]=C://Windows//SysWOW64//ntdll.dll LoadedModule[2]=C://Windows//syswow64//kernel32.dll LoadedModule[3]=C://Windows//syswow64//KERNELBASE.dll LoadedModule[4]=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//firefox//xul.dll LoadedModule[5]=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//firefox//sqlite3.dll LoadedModule[6]=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//firefox//MOZCRT19.dll LoadedModule[7]=C://Windows//syswow64//msvcrt.dll LoadedModule[8]=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//firefox//js3250.dll LoadedModule[9]=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//firefox//nspr4.dll LoadedModule[10]=C://Windows//syswow64//ADVAPI32.dll LoadedModule[11]=C://Windows//SysWOW64//sechost.dll LoadedModule[12]=C://Windows//syswow64//RPCRT4.dll LoadedModule[13]=C://Windows//syswow64//SspiCli.dll LoadedModule[14]=C://Windows//syswow64//CRYPTBASE.dll LoadedModule[15]=C://Windows//system32//WSOCK32.dll LoadedModule[16]=C://Windows//syswow64//WS2_32.dll LoadedModule[17]=C://Windows//syswow64//NSI.dll LoadedModule[18]=C://Windows//system32//WINMM.dll LoadedModule[19]=C://Windows//syswow64//USER32.dll LoadedModule[20]=C://Windows//syswow64//GDI32.dll LoadedModule[21]=C://Windows//syswow64//LPK.dll LoadedModule[22]=C://Windows//syswow64//USP10.dll LoadedModule[23]=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//firefox//smime3.dll LoadedModule[24]=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//firefox//nss3.dll LoadedModule[25]=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//firefox//nssutil3.dll LoadedModule[26]=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//firefox//plc4.dll LoadedModule[27]=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//firefox//plds4.dll LoadedModule[28]=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//firefox//ssl3.dll LoadedModule[29]=C://Windows//syswow64//SHELL32.dll LoadedModule[30]=C://Windows//syswow64//SHLWAPI.dll LoadedModule[31]=C://Windows//syswow64//ole32.dll LoadedModule[32]=C://Windows//system32//VERSION.dll LoadedModule[33]=C://Windows//system32//WINSPOOL.DRV LoadedModule[34]=C://Windows//syswow64//COMDLG32.dll LoadedModule[35]=C://Windows//WinSxS//x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc//COMCTL32.dll LoadedModule[36]=C://Windows//syswow64//IMM32.dll LoadedModule[37]=C://Windows//syswow64//MSCTF.dll LoadedModule[38]=C://Windows//system32//MSIMG32.dll LoadedModule[39]=C://Windows//syswow64//OLEAUT32.dll LoadedModule[40]=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//firefox//xpcom.dll LoadedModule[41]=C://Windows//system32//uxtheme.dll LoadedModule[42]=C://Windows//system32//dwmapi.dll LoadedModule[43]=C://Windows//system32//dbghelp.dll LoadedModule[44]=C://Program Files (x86)//Common Files//microsoft shared//ink//tiptsf.dll LoadedModule[45]=C://Windows//syswow64//SETUPAPI.dll LoadedModule[46]=C://Windows//syswow64//CFGMGR32.dll LoadedModule[47]=C://Windows//syswow64//DEVOBJ.dll LoadedModule[48]=C://Windows//syswow64//CLBCatQ.DLL LoadedModule[49]=C://Windows//system32//propsys.dll LoadedModule[50]=C://Windows//system32//ntmarta.dll LoadedModule[51]=C://Windows//syswow64//WLDAP32.dll LoadedModule[52]=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//firefox//components//browserdirprovider.dll LoadedModule[53]=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//firefox//components//brwsrcmp.dll LoadedModule[54]=C://Windows//system32//mswsock.dll LoadedModule[55]=C://Windows//System32//wshtcpip.dll LoadedModule[56]=C://Windows//system32//iphlpapi.dll LoadedModule[57]=C://Windows//system32//WINNSI.DLL LoadedModule[58]=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//Data//profile//extensions//{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}//components//nstidy.dll LoadedModule[59]=C://Windows//System32//wship6.dll LoadedModule[60]=C://Windows//system32//t2embed.dll LoadedModule[61]=C://Windows//system32//shdocvw.dll LoadedModule[62]=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//firefox//softokn3.dll LoadedModule[63]=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//firefox//nssdbm3.dll LoadedModule[64]=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//firefox//freebl3.dll LoadedModule[65]=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//firefox//nssckbi.dll LoadedModule[66]=C://Windows//system32//NLAapi.dll LoadedModule[67]=C://Windows//system32//DNSAPI.dll LoadedModule[68]=C://Windows//System32//winrnr.dll LoadedModule[69]=C://Windows//system32//napinsp.dll LoadedModule[70]=C://Windows//system32//pnrpnsp.dll LoadedModule[71]=C://Windows//system32//WindowsCodecs.dll LoadedModule[72]=C://Windows//system32//apphelp.dll LoadedModule[73]=C://Windows//system32//EhStorShell.dll LoadedModule[74]=C://Windows//system32//ntshrui.dll LoadedModule[75]=C://Windows//system32//srvcli.dll LoadedModule[76]=C://Windows//system32//cscapi.dll LoadedModule[77]=C://Windows//system32//slc.dll LoadedModule[78]=C://Windows//system32//CRYPTSP.dll LoadedModule[79]=C://Windows//system32//rsaenh.dll LoadedModule[80]=C://Windows//system32//RpcRtRemote.dll LoadedModule[81]=C://Windows//system32//profapi.dll LoadedModule[82]=C://Windows//system32//mscms.dll LoadedModule[83]=C://Windows//system32//USERENV.dll LoadedModule[84]=C://Windows//System32//msxml6.dll LoadedModule[85]=C://Windows//system32//rasadhlp.dll LoadedModule[86]=C://Windows//system32//oleacc.dll LoadedModule[87]=C://Windows//system32//SXS.DLL LoadedModule[88]=C://Windows//system32//explorerframe.dll LoadedModule[89]=C://Windows//system32//DUser.dll LoadedModule[90]=C://Windows//system32//DUI70.dll LoadedModule[91]=C://Windows//System32//fwpuclnt.dll LoadedModule[92]=C://Windows//system32//Macromed//Flash//NPSWF32.dll LoadedModule[93]=C://Windows//syswow64//WININET.dll LoadedModule[94]=C://Windows//syswow64//Normaliz.dll LoadedModule[95]=C://Windows//syswow64//urlmon.dll LoadedModule[96]=C://Windows//syswow64//CRYPT32.dll LoadedModule[97]=C://Windows//syswow64//MSASN1.dll LoadedModule[98]=C://Windows//syswow64//iertutil.dll LoadedModule[99]=C://Windows//system32//mlang.dll LoadedModule[100]=C://Windows//system32//MMDevAPI.DLL LoadedModule[101]=C://Windows//system32//wdmaud.drv LoadedModule[102]=C://Windows//system32//ksuser.dll LoadedModule[103]=C://Windows//system32//AVRT.dll LoadedModule[104]=C://Windows//system32//AUDIOSES.DLL LoadedModule[105]=C://Windows//system32//msacm32.drv LoadedModule[106]=C://Windows//system32//MSACM32.dll LoadedModule[107]=C://Windows//system32//midimap.dll LoadedModule[108]=C://Windows//system32//Secur32.dll LoadedModule[109]=C://Windows//system32//credssp.dll LoadedModule[110]=C://Windows//SysWOW64//schannel.dll LoadedModule[111]=C://Windows//system32//msls31.dll LoadedModule[112]=C://Windows//system32//xmllite.dll LoadedModule[113]=C://Windows//system32//UIAutomationCore.dll LoadedModule[114]=C://Windows//syswow64//PSAPI.DLL LoadedModule[115]=C://Windows//System32//StructuredQuery.dll LoadedModule[116]=C://Windows//SysWOW64//actxprxy.dll LoadedModule[117]=C://Program Files (x86)//Internet Explorer//ieproxy.dll LoadedModule[118]=C://Windows//SysWOW64//thumbcache.dll LoadedModule[119]=C://Windows//system32//ieframe.DLL LoadedModule[120]=C://Windows//system32//SearchFolder.dll LoadedModule[121]=C://Windows//system32//NetworkExplorer.dll LoadedModule[122]=C://Windows//system32//LINKINFO.dll LoadedModule[123]=C://Windows//system32//MPR.dll LoadedModule[124]=C://Windows//System32//drprov.dll LoadedModule[125]=C://Windows//System32//WINSTA.dll LoadedModule[126]=C://Windows//System32//ntlanman.dll LoadedModule[127]=C://Windows//System32//davclnt.dll LoadedModule[128]=C://Windows//System32//DAVHLPR.dll LoadedModule[129]=C://Windows//system32//wkscli.dll LoadedModule[130]=C://Windows//system32//netutils.dll LoadedModule[131]=C://Windows//system32//PortableDeviceApi.dll LoadedModule[132]=C://Windows//system32//samcli.dll LoadedModule[133]=C://Windows//system32//SAMLIB.dll LoadedModule[134]=C://Windows//syswow64//WINTRUST.dll LoadedModule[135]=C://Windows//system32//EhStorAPI.dll LoadedModule[136]=C://Windows//system32//RASAPI32.dll LoadedModule[137]=C://Windows//system32//rasman.dll LoadedModule[138]=C://Windows//system32//rtutils.dll LoadedModule[139]=C://Windows//system32//sensapi.dll LoadedModule[140]=C://Windows//System32//Wpc.dll LoadedModule[141]=C://Windows//System32//wevtapi.dll LoadedModule[142]=C://Program Files (x86)//Windows Defender//MpOav.dll State[0].Key=Transport.DoneStage1 State[0].Value=1 FriendlyEventName=Beendet und geschlossen. ConsentKey=AppHangXProcB1 AppName=Firefox AppPath=C://Users//Rem0ve//Desktop//Cuts//Browser//FirefoxPortable//App//Firefox//firefox.exe ReportDescription=Aufgrund eines Problems kann dieses Programm nicht mehr mit Windows kommunizieren. Pictures: ../mf-portable1.png ../mf-portable2.png ../mf-stable-3.6.3-1.png Proof of Concept: ================= This vulnerabilities can be exploited by remote attackers with user inter action. For demonstration or reproduce ... or ... Risk: ===== The security risk of the memory corruption vulnerability is estimated as medium. Credits: ======== Vulnerability-Lab [research@vulnerability-lab.com] - https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab Disclaimer: =========== The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.vulnerability-lab.com/register Contact: admin@vulnerability-lab.com - support@vulnerability-lab.com - research@vulnerability-lab.com Section: video.vulnerability-lab.com - forum.vulnerability-lab.com - news.vulnerability-lab.com Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, sourcecode, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission. Copyright © 2012 | Vulnerability Laboratory