
Secunia Security Advisory 38884
Posted Mar 11, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Luka Milkovic has reported some vulnerabilities in Super Ad Blocker, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
SHA-256 | fd5f4a1b71210da0bf39b460e631ec28b2f140e1d34ab7444fd7f609866e1282


TITLE:
Super Ad Blocker Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA38884

VERIFY ADVISORY:
http://secunia.com/advisories/38884/

DESCRIPTION:
Luka Milkovic has reported some vulnerabilities in Super Ad Blocker,
which can be exploited by malicious, local users to cause a DoS
(Denial of Service) or gain escalated privileges.

1) The SABProcEnum.sys kernel driver passes user-space pointers in
calls to e.g. ZwQueryObject(). This can be exploited to cause a
NULL-pointer dereference and crash an affected system via specially
crafted IOCTLs.

2) A boundary error exists in SABKUTIL.sys when processing user-space
registration requests. This can be exploited to cause a buffer
overflow with process ID values and cause a system crash.

3) An error exists in SABKUTIL.sys when processing
IOCTL_SABKUTIL_ZWOPENPROCESS requests. This can be exploited to
corrupt kernel memory and cause a system crash via invalid parameters
passed to ZwOpenProcess().

4) The SABKUTIL.sys driver passes user-mode parameters to the
ZwQueryValueKey() function. This can be exploited to overwrite
arbitrary memory and potentially gain escalated privileges via a
specially crafted IOCTL_SABKUTIL_QUERY_VALUE request.

5) The SABKUTIL.sys driver exposes wrappers around registry and
file functions. This can be exploited to read arbitrary files and
registry keys, or write to arbitrary registry keys via specially
crafted IOCTLs.

6) SABKUTIL.sys allows unrestricted access to the
SetVistaTokenInformation() function. This can be exploited to cause a
crash or gain escalated privileges via a specially crafted
IOCTL_SABKUTIL_SET_VISTA_TOKEN_INFORMATION request.

7) An error in SABKUTIL.sys can be exploited to gain escalated
privileges via a specially crafted
IOCTL_SABKUTIL_SET_VISTA_PRIVILEGES_FOR_CURRENT_PROCESS request.

The vulnerabilities are reported in version 4.6.1000. Other versions
may also be affected.

SOLUTION:
Restrict local access to trusted users only.

PROVIDED AND/OR DISCOVERED BY:
Luka Milkovic

ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0195.html
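
Items 1, 2 and 4 share one root cause: Zw* routines called from kernel mode trust their arguments, so a driver has to validate caller-supplied pointers and bound its own tables before acting on a request. The following user-mode C model of those checks is an added example, not code from the advisory or from the driver. The address limit, table size and function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Constructed model values, not taken from the driver. */
#define USER_SPACE_LIMIT 0x00007FFFFFFF0000ULL /* assumed top of user address range */
#define MAX_REGISTERED   8                      /* assumed registration table capacity */

/* Simplified model of the range check a driver must perform itself before
 * handing a caller-supplied pointer to a Zw* routine: non-NULL, non-empty,
 * aligned (align must be a power of two), no wraparound, and entirely
 * inside the user address range. */
bool user_range_ok(uint64_t addr, uint64_t len, uint64_t align)
{
    if (addr == 0 || len == 0) return false;
    if (align == 0 || (addr & (align - 1)) != 0) return false;
    if (addr + len < addr) return false;           /* integer wraparound */
    return addr + len <= USER_SPACE_LIMIT;          /* rejects kernel addresses */
}

struct pid_table {
    uint32_t pids[MAX_REGISTERED];
    size_t   count;
};

/* Bounded registration: refuse the request when the table is full
 * instead of writing process IDs past the end of the array. */
bool register_pid(struct pid_table *t, uint32_t pid)
{
    if (t->count >= MAX_REGISTERED) return false;
    t->pids[t->count++] = pid;
    return true;
}

/* Model of a query-style request handler: validate first, then act.
 * Returns 0 when the request may proceed, -1 when it is rejected. */
int handle_query(uint64_t out_addr, uint64_t out_len)
{
    if (!user_range_ok(out_addr, out_len, 4)) return -1;
    /* A real driver would now copy the result to the caller's buffer
     * inside a __try/__except block, or use buffered I/O instead. */
    return 0;
}
```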

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------
