VLC ModPlug ReadS3M Stack Buffer Overflow Exploitation and Prevention Part-II 

Feb 05, 2012 12:07 PM

In VLC ModPlug ReadS3M Stack Buffer Overflow Exploitation and Prevention Part-I, I explained how to exploit the VLC ModPlug ReadS3M stack buffer overflow vulnerability on Windows. In this part I will show how to prevent exploitation of that vulnerability with Symantec Critical System Protection (SCSP).

Prevention of VLC ModPlug ReadS3M Stack Buffer Overflow Vulnerability

 
1) I logged into my SCSP Server. Click on the Prevention tab --> Policies.

2) I created a policy named Vlc Buffer Overflow Prevention to prevent Adobe Buffer Overflow Vulnerability in Windows.

3) Right-click on the policy and click Apply Policy.

4) Select the agent and click Next. Now I am applying the prevention policy on our target machine.

5) SCSP Prevention is enabled on the Windows XP machine.

6) The listener is already running on the attacker's machine.

7) Our victim tries to open the malicious s3m file in VLC player.

8) But this time SCSP blocks the exploit from executing and does not give a shell to the attacker's machine. The attacker will not get a Meterpreter shell even if the victim opens the same file again.

So it is possible to block the VLC ModPlug ReadS3M Stack Buffer Overflow Vulnerability in Windows with Symantec Critical System Protection (SCSP).
