Novell Unicode Buffer Overflow
Description
The Novell Messenger Client is prone to an overflow condition. The application fails to properly sanitize user-supplied input, resulting in a stack-based buffer overflow. With a specially crafted contact list file containing an arbitrary ‘name’ value of a ‘folder’ tag, a context-dependent attacker can potentially cause arbitrary code execution.
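A pre-open screening check for the condition described above, as an added example that is not part of the original entry or any vendor tool. It assumes the contact list file is XML, matches the `folder` tag and `name` value named in the description, and uses a hypothetical limit of 256 UTF-16 code units, since the entry gives no buffer size.

```python
import xml.parsers.expat

# Hypothetical policy limit in UTF-16 code units; the entry gives no buffer size.
MAX_NAME_UNITS = 256


class RejectedFile(Exception):
    """The file is malformed or uses XML features this check refuses."""


def utf16_units(text):
    # A client that widens the value to UTF-16 stores two units for each
    # character outside the BMP, so len(text) would undercount.
    return len(text.encode("utf-16-le")) // 2


def scan_contact_list(data, limit=MAX_NAME_UNITS):
    """Return (line, utf16_units) for every oversized folder name."""
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(*_args):
        # No DTD is expected in a contact list; refusing one also avoids
        # entity-expansion tricks against the scanner itself.
        raise RejectedFile("DOCTYPE declaration not allowed")

    def on_start(tag, attrs):
        if tag.lower() != "folder":
            return
        for key, value in attrs.items():
            units = utf16_units(value)
            if key.lower() == "name" and units > limit:
                findings.append((parser.CurrentLineNumber, units))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise RejectedFile(f"malformed XML: {exc}") from exc
    return findings


def verdict(data):
    try:
        return "oversized" if scan_contact_list(data) else "ok"
    except RejectedFile:
        return "rejected"


# Constructed samples; the element layout around <folder> is an assumption.
OK_FILE = b'<contacts><folder name="Friends"><contact id="a"/></folder></contacts>'
LONG_FILE = ('<contacts>\n<folder name="' + "A" * 5000 + '"/>\n</contacts>').encode()
```

Files that come back as `oversized` or `rejected` can be quarantined before the Windows client opens them.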
Technical Analysis
```
[+] Processing arguments and criteria
    - Pointer access level : X
    - Pointer criteria : ['unicoderev']
[+] Generating module info table, hang on...
    - Processing modules
    - Done. Let's rock 'n roll.
[+] Querying 56 modules
    - Querying module NMCP32.DLL
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\system32\xpsp2res.dll
    - Querying module urlmon.dll
    - Querying module msxml3.dll
    - Querying module CRYPT32.dll
    - Querying module MSASN1.dll
    - Querying module kernel32.dll
    - Querying module msvcrt.dll
    - Querying module GDI32.dll
    - Querying module ntdll.dll
    - Querying module nmcd32.dll
    - Querying module wshtcpip.dll
    - Querying module WS2_32.dll
    - Querying module SENSAPI.DLL
    - Querying module ATL.DLL
    - Querying module CRYPTUI.dll
    - Querying module WININET.dll
    - Querying module CLBCATQ.DLL
    - Querying module Secur32.dll
    - Querying module WSOCK32.dll
    - Querying module rsaenh.dll
    - Querying module WS2HELP.dll
    - Querying module ole32.dll
    - Querying module SHLWAPI.dll
    - Querying module hnetcfg.dll
    - Querying module NMCH32.DLL
    - Querying module USER32.dll
    - Querying module comdlg32.dll
    - Querying module IMAGEHLP.dll
    - Querying module shdocvw.dll
    - Querying module NMCLEN.DLL
    - Querying module WINTRUST.dll
    - Querying module COMRes.dll
    - Querying module cscui.dll
    - Querying module OLEAUT32.dll
    - Querying module NETAPI32.dll
    - Querying module SHELL32.dll
    - Querying module RPCRT4.dll
    - Querying module CSCDLL.dll
    - Querying module mlang.dll
    - Querying module NMCL32.exe
    - Querying module USERENV.dll
    - Querying module nmenv2.dll
    - Querying module COMCTL32.dll
    - Querying module MSCTF.dll
    - Querying module WLDAP32.dll
    - Querying module VERSION.dll
    - Querying module mswsock.dll
    - Querying module appHelp.dll
    - Querying module browseui.dll
    - Querying module NMCA32.DLL
    - Querying module RichEd20.Dll
    - Querying module UxTheme.dll
    - Querying module ADVAPI32.dll
    - Querying module LINKINFO.dll
    - Querying module SETUPAPI.dll
    - Querying module ntshrui.dll
    - Search complete, processing results
[+] Preparing output file 'jmp.txt'
    - (Re)setting logfile jmp.txt
    Done. Found 0 pointers
[+] This mona.py action took 0:02:13.578000
```
- On the other hand, I’ve installed the Linux client, but it’s Java software, so there isn’t memory corruption, just a message warning about the malformed file.