Forum Thread: Super Ad Blocker Multiple Vulnerabilities

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
Super Ad Blocker Multiple Vulnerabilities

Secunia Super Ad Blocker Multiple Vulnerabilities
Secunia Official 14th Mar, 2010 22:33
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
Luka Milkovic has reported some vulnerabilities in Super Ad Blocker, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

1) The SABProcEnum.sys kernel driver passes user-space pointers in calls to e.g. ZwQueryObject(). This can be exploited to cause a NULL-pointer dereference and crash an affected system via specially crafted IOCTLs.

2) A boundary error exists in SABKUTIL.sys when processing user-space registration requests. This can be exploited to cause a buffer overflow with process ID values and cause a system crash.

3) An error exists in SABKUTIL.sys when processing IOCTL_SABKUTIL_ZWOPENPROCESS requests. This can be exploited to corrupt kernel memory and cause a system crash via invalid parameters passed to ZwOpenProcess().

4) The SABKUTIL.sys driver passes user-mode parameters to the ZwQueryValueKey() function. This can be exploited to overwrite arbitrary memory and potentially gain escalated privileges via a specially crafted IOCTL_SABKUTIL_QUERY_VALUE request.

5) The SABKUTIL.sys driver provides wrappers against registry and file functions. This can be exploited to read arbitrary files and registry keys, or write to arbitrary registry keys via specially crafted IOCTLs.

6) SABKUTIL.sys allows unrestricted access to the SetVistaTokenInformation() function. This can be exploited to cause a crash or gain escalated privileges via a specially crafted IOCTL_SABKUTIL_SET_VISTA_TOKEN_INFORMATION request.

7) An error in SABKUTIL.sys can be exploited to gain escalated privileges via a specially crafted IOCTL_SABKUTIL_SET_VISTA_PRIVILEGES_FOR_CURRENT_PR OCESS request.

The vulnerabilities are reported in version 4.6.1000. Other versions may also be affected.

keithpetersen3

RE: Super Ad Blocker Multiple Vulnerabilities
[+]
This reply has been minimised due to a negative Relevancy Score.

ePost

RE: Super Ad Blocker Multiple Vulnerabilities
[+]
This reply has been minimised due to a negative Relevancy Score.