Submit #6124: EMAIL-WORM.WIN32.AGENT.GI / Remote Stack Buffer Overflow - (UDP Datagram) Information

Title: EMAIL-WORM.WIN32.AGENT.GI / Remote Stack Buffer Overflow - (UDP Datagram)
Description:
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source: https://malvuln.com/advisory/74e65773735f977185f6a09f1472ea46.txt
Contact: malvuln13@gmail.com
Media: twitter.com/malvuln

Threat: Email-Worm.Win32.Agent.gi
Vulnerability: Remote Stack Buffer Overflow - (UDP Datagram)
Description: Creates a service "Microsoft ASPI Manager" and listens on TCP ports 80, 81 and UDP 53. The service process is a dropped executable named aspimgr.exe that runs with SYSTEM integrity. Third party attackers can send 332 bytes to UDP port 53 to overwrite the instruction pointer (EIP) and possibly gain SYSTEM privileges. The Exploit PoC uses the typical 41414141 pattern and 52525252 "R" character for EIP overwrite.
Type: PE32
MD5: 74e65773735f977185f6a09f1472ea46
Vuln ID: MVID-2021-0036
Dropped files: aspimgr.exe
ASLR: False
DEP: False
Safe SEH: True
Disclosure: 01/18/2021

Memory Dump:
(1a78.e44): Access violation - code c0000005 (first/second chance not available)
eax=00000000 ebx=00000000 ecx=52525252 edx=773e9d70 esi=00000000 edi=00000000
eip=52525252 esp=03291450 ebp=03291470 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
52525252 ??              ???
0:007> !exchain 03291464: ntdll!ExecuteHandler2+44 (773e9d70) 03291a14: ntdll!ExecuteHandler2+44 (773e9d70) 03291fc4: ntdll!ExecuteHandler2+44 (773e9d70) 03292574: ntdll!ExecuteHandler2+44 (773e9d70) 03292b24: ntdll!ExecuteHandler2+44 (773e9d70) 032930d4: ntdll!ExecuteHandler2+44 (773e9d70) 03293684: ntdll!ExecuteHandler2+44 (773e9d70) 03293c34: ntdll!ExecuteHandler2+44 (773e9d70) 032941e4: ntdll!ExecuteHandler2+44 (773e9d70) 03294794: ntdll!ExecuteHandler2+44 (773e9d70) 03294d44: ntdll!ExecuteHandler2+44 (773e9d70) 032952f4: ntdll!ExecuteHandler2+44 (773e9d70) 032958a4: ntdll!ExecuteHandler2+44 (773e9d70) 03295e54: ntdll!ExecuteHandler2+44 (773e9d70) 03296404: ntdll!ExecuteHandler2+44 (773e9d70) 032969b4: ntdll!ExecuteHandler2+44 (773e9d70) 03296f64: ntdll!ExecuteHandler2+44 (773e9d70) 03297514: ntdll!ExecuteHandler2+44 (773e9d70) 03297ac4: ntdll!ExecuteHandler2+44 (773e9d70) 03298074: ntdll!ExecuteHandler2+44 (773e9d70) 03298624: ntdll!ExecuteHandler2+44 (773e9d70) 03298bd4: ntdll!ExecuteHandler2+44 (773e9d70) 03299184: ntdll!ExecuteHandler2+44 (773e9d70) 03299734: ntdll!ExecuteHandler2+44 (773e9d70) 03299ce4: ntdll!ExecuteHandler2+44 (773e9d70) 0329a294: ntdll!ExecuteHandler2+44 (773e9d70) 0329a844: ntdll!ExecuteHandler2+44 (773e9d70) 0329adf4: ntdll!ExecuteHandler2+44 (773e9d70) 0329b3a4: ntdll!ExecuteHandler2+44 (773e9d70) 0329b954: ntdll!ExecuteHandler2+44 (773e9d70) 0329bf04: ntdll!ExecuteHandler2+44 (773e9d70) 0329c4b4: ntdll!ExecuteHandler2+44 (773e9d70) 0329ca64: ntdll!ExecuteHandler2+44 (773e9d70) 0329d014: ntdll!ExecuteHandler2+44 (773e9d70) 0329d5c4: ntdll!ExecuteHandler2+44 (773e9d70) 0329db74: ntdll!ExecuteHandler2+44 (773e9d70) 0329e124: ntdll!ExecuteHandler2+44 (773e9d70) 0329e6d4: ntdll!ExecuteHandler2+44 (773e9d70) 0329ec84: ntdll!ExecuteHandler2+44 (773e9d70) 0329f234: ntdll!ExecuteHandler2+44 (773e9d70) 0329f7e4: ntdll!ExecuteHandler2+44 (773e9d70) 0329fd94: ntdll!ExecuteHandler2+44 (773e9d70) 032a0344: ntdll!ExecuteHandler2+44 (773e9d70) 
032a08f4: ntdll!ExecuteHandler2+44 (773e9d70) 032a0ea4: ntdll!ExecuteHandler2+44 (773e9d70) 032a1454: ntdll!ExecuteHandler2+44 (773e9d70) 032a1a04: ntdll!ExecuteHandler2+44 (773e9d70) 032a1fb4: ntdll!ExecuteHandler2+44 (773e9d70) 032a2564: ntdll!ExecuteHandler2+44 (773e9d70) 032a2b14: ntdll!ExecuteHandler2+44 (773e9d70) 032a30c4: ntdll!ExecuteHandler2+44 (773e9d70) 032a3674: ntdll!ExecuteHandler2+44 (773e9d70) 032a3c24: ntdll!ExecuteHandler2+44 (773e9d70) 032a41d4: ntdll!ExecuteHandler2+44 (773e9d70) 032a4784: ntdll!ExecuteHandler2+44 (773e9d70) 032a4d34: ntdll!ExecuteHandler2+44 (773e9d70) 032a52e4: ntdll!ExecuteHandler2+44 (773e9d70) 032a5894: ntdll!ExecuteHandler2+44 (773e9d70) 032a5e44: ntdll!ExecuteHandler2+44 (773e9d70) 032a63f4: ntdll!ExecuteHandler2+44 (773e9d70) 032a69a4: ntdll!ExecuteHandler2+44 (773e9d70) 032a6f54: ntdll!ExecuteHandler2+44 (773e9d70) 032a7504: ntdll!ExecuteHandler2+44 (773e9d70) 032a7ab4: ntdll!ExecuteHandler2+44 (773e9d70) 032a8064: ntdll!ExecuteHandler2+44 (773e9d70) 032a8614: ntdll!ExecuteHandler2+44 (773e9d70) 032a8bc4: ntdll!ExecuteHandler2+44 (773e9d70) 032a9174: ntdll!ExecuteHandler2+44 (773e9d70) 032a9724: ntdll!ExecuteHandler2+44 (773e9d70) 032a9cd4: ntdll!ExecuteHandler2+44 (773e9d70) 032aa284: ntdll!ExecuteHandler2+44 (773e9d70) 032aa834: ntdll!ExecuteHandler2+44 (773e9d70) 032aade4: ntdll!ExecuteHandler2+44 (773e9d70) 032ab394: ntdll!ExecuteHandler2+44 (773e9d70) 032ab944: ntdll!ExecuteHandler2+44 (773e9d70) 032abef4: ntdll!ExecuteHandler2+44 (773e9d70) 032ac4a4: ntdll!ExecuteHandler2+44 (773e9d70) 032aca54: ntdll!ExecuteHandler2+44 (773e9d70) 032ad004: ntdll!ExecuteHandler2+44 (773e9d70) 032ad5b4: ntdll!ExecuteHandler2+44 (773e9d70) 032adb64: ntdll!ExecuteHandler2+44 (773e9d70) 032ae114: ntdll!ExecuteHandler2+44 (773e9d70) 032ae6c4: ntdll!ExecuteHandler2+44 (773e9d70) 032aec74: ntdll!ExecuteHandler2+44 (773e9d70) 032af224: ntdll!ExecuteHandler2+44 (773e9d70) 032af7d4: ntdll!ExecuteHandler2+44 (773e9d70) 032afd84: 
ntdll!ExecuteHandler2+44 (773e9d70) 032b0334: ntdll!ExecuteHandler2+44 (773e9d70) 032b08e4: ntdll!ExecuteHandler2+44 (773e9d70) 032b0e94: ntdll!ExecuteHandler2+44 (773e9d70) 032b1444: ntdll!ExecuteHandler2+44 (773e9d70) 032b19f4: ntdll!ExecuteHandler2+44 (773e9d70) 032b1fa4: ntdll!ExecuteHandler2+44 (773e9d70) 032b2554: ntdll!ExecuteHandler2+44 (773e9d70) 032b2b04: ntdll!ExecuteHandler2+44 (773e9d70) 032b30b4: ntdll!ExecuteHandler2+44 (773e9d70) 032b3664: ntdll!ExecuteHandler2+44 (773e9d70) 032b3c14: ntdll!ExecuteHandler2+44 (773e9d70) 032b41c4: ntdll!ExecuteHandler2+44 (773e9d70) 032b4774: ntdll!ExecuteHandler2+44 (773e9d70) 032b4d24: ntdll!ExecuteHandler2+44 (773e9d70) 032b52d4: ntdll!ExecuteHandler2+44 (773e9d70) 032b5884: ntdll!ExecuteHandler2+44 (773e9d70) 032b5e34: ntdll!ExecuteHandler2+44 (773e9d70) 032b63e4: ntdll!ExecuteHandler2+44 (773e9d70) 032b6994: ntdll!ExecuteHandler2+44 (773e9d70) 032b6f44: ntdll!ExecuteHandler2+44 (773e9d70) 032b74f4: ntdll!ExecuteHandler2+44 (773e9d70) 032b7aa4: ntdll!ExecuteHandler2+44 (773e9d70) 032b8054: ntdll!ExecuteHandler2+44 (773e9d70) 032b8604: ntdll!ExecuteHandler2+44 (773e9d70) 032b8bb4: ntdll!ExecuteHandler2+44 (773e9d70) 032b9164: ntdll!ExecuteHandler2+44 (773e9d70) 032b9714: ntdll!ExecuteHandler2+44 (773e9d70) 032b9cc4: ntdll!ExecuteHandler2+44 (773e9d70) 032ba274: ntdll!ExecuteHandler2+44 (773e9d70) 032ba824: ntdll!ExecuteHandler2+44 (773e9d70) 032badd4: ntdll!ExecuteHandler2+44 (773e9d70) 032bb384: ntdll!ExecuteHandler2+44 (773e9d70) 032bb934: ntdll!ExecuteHandler2+44 (773e9d70) 032bbee4: ntdll!ExecuteHandler2+44 (773e9d70) 032bc494: ntdll!ExecuteHandler2+44 (773e9d70) 032bca44: ntdll!ExecuteHandler2+44 (773e9d70) 032bcff4: ntdll!ExecuteHandler2+44 (773e9d70) 032bd5a4: ntdll!ExecuteHandler2+44 (773e9d70) 032bdb54: ntdll!ExecuteHandler2+44 (773e9d70) 032be104: ntdll!ExecuteHandler2+44 (773e9d70) 032be6b4: ntdll!ExecuteHandler2+44 (773e9d70) 032bec64: ntdll!ExecuteHandler2+44 (773e9d70) 032bf214: 
ntdll!ExecuteHandler2+44 (773e9d70) 032bf7c4: ntdll!ExecuteHandler2+44 (773e9d70) 032bfd74: ntdll!ExecuteHandler2+44 (773e9d70) 032c0324: ntdll!ExecuteHandler2+44 (773e9d70) 032c08d4: ntdll!ExecuteHandler2+44 (773e9d70) 032c0e84: ntdll!ExecuteHandler2+44 (773e9d70) 032c1434: ntdll!ExecuteHandler2+44 (773e9d70) 032c19e4: ntdll!ExecuteHandler2+44 (773e9d70) 032c1f94: ntdll!ExecuteHandler2+44 (773e9d70) 032c2544: ntdll!ExecuteHandler2+44 (773e9d70) 032c2af4: ntdll!ExecuteHandler2+44 (773e9d70) 032c30a4: ntdll!ExecuteHandler2+44 (773e9d70) 032c3654: ntdll!ExecuteHandler2+44 (773e9d70) 032c3c04: ntdll!ExecuteHandler2+44 (773e9d70) 032c41b4: ntdll!ExecuteHandler2+44 (773e9d70) 032c4764: ntdll!ExecuteHandler2+44 (773e9d70) 032c4d14: ntdll!ExecuteHandler2+44 (773e9d70) 032c52c4: ntdll!ExecuteHandler2+44 (773e9d70) 032c5874: ntdll!ExecuteHandler2+44 (773e9d70) 032c5e24: ntdll!ExecuteHandler2+44 (773e9d70) 032c63d4: ntdll!ExecuteHandler2+44 (773e9d70) 032c6984: ntdll!ExecuteHandler2+44 (773e9d70) 032c6f34: ntdll!ExecuteHandler2+44 (773e9d70) 032c74e4: ntdll!ExecuteHandler2+44 (773e9d70) 032c7a94: ntdll!ExecuteHandler2+44 (773e9d70) 032c8044: ntdll!ExecuteHandler2+44 (773e9d70) 032c85f4: ntdll!ExecuteHandler2+44 (773e9d70) 032c8ba4: ntdll!ExecuteHandler2+44 (773e9d70) 032c9154: ntdll!ExecuteHandler2+44 (773e9d70) 032c9704: ntdll!ExecuteHandler2+44 (773e9d70) 032c9cb4: ntdll!ExecuteHandler2+44 (773e9d70) 032ca264: ntdll!ExecuteHandler2+44 (773e9d70) 032ca814: ntdll!ExecuteHandler2+44 (773e9d70) 032cadc4: ntdll!ExecuteHandler2+44 (773e9d70) 032cb374: ntdll!ExecuteHandler2+44 (773e9d70) 032cb924: ntdll!ExecuteHandler2+44 (773e9d70) 032cbed4: ntdll!ExecuteHandler2+44 (773e9d70) 032cc484: ntdll!ExecuteHandler2+44 (773e9d70) 032cca34: ntdll!ExecuteHandler2+44 (773e9d70) 032ccfe4: ntdll!ExecuteHandler2+44 (773e9d70) 032cd594: ntdll!ExecuteHandler2+44 (773e9d70) 032cdb44: ntdll!ExecuteHandler2+44 (773e9d70) 032ce0f4: ntdll!ExecuteHandler2+44 (773e9d70) 032ce6a4: 
ntdll!ExecuteHandler2+44 (773e9d70) 032cec54: ntdll!ExecuteHandler2+44 (773e9d70) 032cf204: ntdll!ExecuteHandler2+44 (773e9d70) 032cf7b4: ntdll!ExecuteHandler2+44 (773e9d70) 032cfd64: ntdll!ExecuteHandler2+44 (773e9d70) 032d0314: ntdll!ExecuteHandler2+44 (773e9d70) 032d08c4: ntdll!ExecuteHandler2+44 (773e9d70) 032d0e74: ntdll!ExecuteHandler2+44 (773e9d70) 032d1424: ntdll!ExecuteHandler2+44 (773e9d70) 032d19d4: ntdll!ExecuteHandler2+44 (773e9d70) 032d1f84: ntdll!ExecuteHandler2+44 (773e9d70) 032d2534: ntdll!ExecuteHandler2+44 (773e9d70) 032d2ae4: ntdll!ExecuteHandler2+44 (773e9d70) 032d3094: ntdll!ExecuteHand
Source: https://www.malvuln.com/advisory/74e65773735f977185f6a09f1472ea46.txt
User: malvuln (ID 14984)
Submission: 2021-01-18 21:08 (3 years ago)
Moderation: 2021-01-19 07:09 (10 hours later)
Status: Accepted
VulDB Entry: 168079
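The following is an added example, not part of the VulDB record or of the malvuln advisory: a PowerShell host check that looks for the indicators the advisory lists (the "Microsoft ASPI Manager" service, the dropped aspimgr.exe, its MD5, and listeners on UDP 53 and TCP 80/81). It uses only standard Windows cmdlets (Get-CimInstance, Get-FileHash, Get-Process, Get-NetUDPEndpoint, Get-NetTCPConnection); the variable names and the output format are this example's own.

```powershell
# Added example (not from the VulDB record or the malvuln advisory): defender-side host
# check for the indicators the advisory names. Assumes a Windows host with the NetTCPIP
# module (Get-NetUDPEndpoint / Get-NetTCPConnection); run from an elevated prompt.
$ServiceDisplayName = 'Microsoft ASPI Manager'            # service name from the advisory
$DroppedFile        = 'aspimgr.exe'                       # dropped executable from the advisory
$KnownMd5           = '74E65773735F977185F6A09F1472EA46'  # MD5 from the advisory (Get-FileHash returns upper case)

$findings = @()

# 1. Service carrying the advisory's display name, or whose command line points at the dropped file.
$svc = Get-CimInstance -ClassName Win32_Service |
       Where-Object { $_.DisplayName -eq $ServiceDisplayName -or $_.PathName -match [regex]::Escape($DroppedFile) }
foreach ($s in $svc) {
    $findings += "Service '$($s.Name)' ('$($s.DisplayName)') -> $($s.PathName) [state: $($s.State), account: $($s.StartName)]"
    # Strip quotes and arguments from the service command line, then hash the binary if it is on disk.
    $exe = ($s.PathName -replace '^"([^"]+)".*$', '$1') -replace '^(\S+\.exe).*$', '$1'
    if (Test-Path -LiteralPath $exe) {
        $hash = (Get-FileHash -LiteralPath $exe -Algorithm MD5).Hash
        $verdict = if ($hash -eq $KnownMd5) { 'matches the MD5 in the advisory' } else { 'does not match the MD5 in the advisory' }
        $findings += "  MD5 $hash ($verdict)"
    }
}

# 2. Running process named after the dropped file.
Get-Process -Name ($DroppedFile -replace '\.exe$', '') -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "Process $($_.Name) PID $($_.Id) Path $($_.Path)" }

# 3. Listeners on the ports the advisory names. A DNS server legitimately owns UDP 53 and a
#    web server TCP 80/81, so the owning process is resolved to let the analyst judge each hit.
Get-NetUDPEndpoint -LocalPort 53 -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    $findings += "UDP 53 bound by PID $($_.OwningProcess) ($($p.Name))"
}
Get-NetTCPConnection -LocalPort 80, 81 -State Listen -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    $findings += "TCP $($_.LocalPort) listening, PID $($_.OwningProcess) ($($p.Name))"
}

if ($findings.Count -eq 0) { 'No indicators from the advisory found on this host.' } else { $findings }
```

A hit on the service name or on the MD5 is the strong signal; a bare UDP 53 or TCP 80/81 listener only matters when the owning process is the dropped aspimgr.exe rather than a legitimate DNS or web server. Because the listener runs as SYSTEM and is reachable without authentication, the practical mitigation on a host where it is found is to stop and delete the service and remove the dropped file, and, on the network side, to block inbound UDP 53 to workstations that do not serve DNS.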
