exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

blackICEpc.txt

blackICEpc.txt
Posted Sep 7, 2006
Authored by David Matousek | Site matousec.com

BlackICE PC Protection suffers from a denial of service condition when failing to validate the third argument of NtOpenSection.

tags | advisory, denial of service
SHA-256 | ad322b0aa27a0e340d007804e6b45dbbe64dff3993b8fba713250eda73ce27a1

blackICEpc.txt

Change Mirror Download
Hello,

I would like to inform you about a vulnerability in BlackICE PC Protection
driver found by Matousec - Transparent security.


Description:

Hooking SSDT functions requires extra caution. SSDT function handlers are executed in the kernel mode but their callers
are executed in the user mode. Hence all function arguments come from the user mode. This is why it is necessary to
validate these arguments properly. Otherwise a simple user call can easily crash the whole system. This bug usually
results in a system crash. However, it may happen that this bug is even more dangerous and can lead to the execution of
an arbitrary code in the privileged kernel mode.

BlackICE fails to validate the third argument of NtOpenSection. A call with invalid values in this argument can cause a
system crash because of an error in RapDrv.sys.


Vulnerable software:

* BlackICE PC Protection 3.6.cpn
* BlackICE PC Protection 3.6.cpj
* BlackICE PC Protection 3.6.cpiE
* probably all versions of BlackICE PC Protection 3.6
* possibly older versions


More details and a proof of concept including source code is available here:
http://www.matousec.com/info/advisories/BlackICE-Insufficient-validation-of-arguments-of-NtOpenSection.php

Regards,

--
David Matousek

Founder and Chief Representative of Matousec - Transparent security
http://www.matousec.com/

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close