Comments on: Green Dam URL Processing Buffer Overflow exploit (meta) http://www.rec-sec.com/2009/06/16/green-dam-url-overflow-exploit/ a non-profit information security web site authored by Moshe Ben Abu (Trancer), focusing on vulnerability research, exploit development (mainly for the Metasploit Framework), web application security, information security and hacking news from around the world. Fri, 12 Mar 2010 03:47:25 +0000 http://www.rec-sec.com hourly 1 By: seer[N.N.U] http://www.rec-sec.com/2009/06/16/green-dam-url-overflow-exploit/comment-page-1/#comment-1061 seer[N.N.U] Fri, 10 Jul 2009 11:23:34 +0000 http://www.rec-sec.com/?p=678#comment-1061 Wow, this one is more complete~ I posted the original exploit and was warned 1 week later...T_T Fortunately, Green Dam is not likely to be mandatory install until today. It` a joke, just a joke ;-) Wow, this one is more complete~

I posted the original exploit and was warned 1 week later…T_T

Fortunately, Green Dam is not likely to be mandatory install until today. It` a joke, just a joke ;-)

]]> By: Draper L. Kauffman » Blog Archive » SQL slammer (computer worm) http://www.rec-sec.com/2009/06/16/green-dam-url-overflow-exploit/comment-page-1/#comment-1060 Draper L. Kauffman » Blog Archive » SQL slammer (computer worm) Wed, 08 Jul 2009 09:03:09 +0000 http://www.rec-sec.com/?p=678#comment-1060 [...] Recognize-Security | Green Dam URL Processing Buffer Overflow … [...] [...] Recognize-Security | Green Dam URL Processing Buffer Overflow … [...]

]]> By: Trancer http://www.rec-sec.com/2009/06/16/green-dam-url-overflow-exploit/comment-page-1/#comment-1053 Trancer Sun, 05 Jul 2009 13:45:02 +0000 http://www.rec-sec.com/?p=678#comment-1053 @spdr Thanks bro'! A fully working exploit will be posted soon. @spdr Thanks bro’!
A fully working exploit will be posted soon.

]]> By: spdr http://www.rec-sec.com/2009/06/16/green-dam-url-overflow-exploit/comment-page-1/#comment-1047 spdr Thu, 02 Jul 2009 01:20:52 +0000 http://www.rec-sec.com/?p=678#comment-1047 Hey, GJ on the vlc bug ;-) started releasing bugs recently ? Hey, GJ on the vlc bug ;-) started releasing bugs recently ?

]]> By: SecureWorks: Green-Dam-Software enth?lt unsicheren und schlampigen Code - Security | News | ZDNet.de http://www.rec-sec.com/2009/06/16/green-dam-url-overflow-exploit/comment-page-1/#comment-1036 SecureWorks: Green-Dam-Software enth?lt unsicheren und schlampigen Code - Security | News | ZDNet.de Fri, 26 Jun 2009 08:05:14 +0000 http://www.rec-sec.com/?p=678#comment-1036 [...] Windows XP SP3 sowie IE7 und Windows Vista SP1 getestet", schreibt der Sicherheitsforscher in einem Blogeintrag. .story .element .tags { color: #666666; font-size: 11px; vertical-align: middle; } Tags: [...] [...] Windows XP SP3 sowie IE7 und Windows Vista SP1 getestet”, schreibt der Sicherheitsforscher in einem Blogeintrag. .story .element .tags { color: #666666; font-size: 11px; vertical-align: middle; } Tags: [...]

]]> By: Malware Analysis & Diagnostic http://www.rec-sec.com/2009/06/16/green-dam-url-overflow-exploit/comment-page-1/#comment-1034 Malware Analysis & Diagnostic Wed, 24 Jun 2009 17:28:54 +0000 http://www.rec-sec.com/?p=678#comment-1034 <strong>Le logiciel de filtrage pornographique du gouvernement chinois est vuln?rable...</strong> La France avec ses ~65 millions d'habitants compte ~33 millions d'internautes. Derni?rement, la loi aux multiples noms HADOPI, LCI, OLIVENNES... a ?t? s?rieusement perturb?e par la d?cision (n° 2009-580)  du Conseil Constitutionnel ; les ... Le logiciel de filtrage pornographique du gouvernement chinois est vuln?rable…

La France avec ses ~65 millions d’habitants compte ~33 millions d’internautes. Derni?rement, la loi aux multiples noms HADOPI, LCI, OLIVENNES… a ?t? s?rieusement perturb?e par la d?cision (n° 2009-580)  du Conseil Constitutionnel ; les …

]]> By: Remote code execution exploit for Green Dam in the wild | Zero Day | ZDNet.com http://www.rec-sec.com/2009/06/16/green-dam-url-overflow-exploit/comment-page-1/#comment-1032 Remote code execution exploit for Green Dam in the wild | Zero Day | ZDNet.com Wed, 24 Jun 2009 14:52:38 +0000 http://www.rec-sec.com/?p=678#comment-1032 [...] However, not only is the latest Green Dam v3.17 version still vulnerable to remotely exploitable flaws, but also, for over a week now a working zero day exploit (Exploit.GreenDam!IK; W32/GreenDam.A) has been circulating in the wild. [...] [...] However, not only is the latest Green Dam v3.17 version still vulnerable to remotely exploitable flaws, but also, for over a week now a working zero day exploit (Exploit.GreenDam!IK; W32/GreenDam.A) has been circulating in the wild. [...]

]]> By: Trancer http://www.rec-sec.com/2009/06/16/green-dam-url-overflow-exploit/comment-page-1/#comment-1029 Trancer Tue, 23 Jun 2009 00:13:15 +0000 http://www.rec-sec.com/?p=678#comment-1029 The software was silently patched the vendor on June 13. Still version 3.17 and with no public notice. But, the vulnerability can be leveraged in different ways, see - http://www.cse.umich.edu/~jhalderm/pub/gd/#add1 The .NET binary is loaded to 0x24240000 because the return address is overwritten with $$$$, == 0x24242424. The software was silently patched the vendor on June 13. Still version 3.17 and with no public notice.
But, the vulnerability can be leveraged in different ways, see – http://www.cse.umich.edu/~jhalderm/pub/gd/#add1

The .NET binary is loaded to 0×24240000 because the return address is overwritten with $$$$, == 0×24242424.

]]> By: Spk http://www.rec-sec.com/2009/06/16/green-dam-url-overflow-exploit/comment-page-1/#comment-1027 Spk Mon, 22 Jun 2009 18:21:05 +0000 http://www.rec-sec.com/?p=678#comment-1027 i downloaded greendam from lssw365 site (version 3.17) and can't reproduce the bug, no access violation or any kind of exception occurs. and another question, in the exploit, why the .net binary loads to image base 0x24240000 ? i downloaded greendam from lssw365 site (version 3.17) and can’t reproduce the bug, no access violation or any kind of exception occurs.
and another question, in the exploit, why the .net binary loads to image base 0×24240000 ?

]]>