0x00漏洞信息
漏洞编号:CVE-2006-3439
漏洞类型:远程执行代码
最高等级:严重
漏洞位置:netapi32.dll的NetpwPathCanonicalize函数存在栈溢出
影响软件:
Windows 2000,
Windows XP Service Pack 1,
Windows XP Service Pack 2,
Windows Server 2003,
Windows Server 2003 Service Pack 1
0x01漏洞分析
关键函数逆向
/*
 * sub_7517FC68 — the page identifies this routine as NetpwPathCanonicalize
 * in netapi32.dll. Decompiler output: the three sub_75... helpers are
 * unresolved and the stack buffer Dest is shown as a single wchar_t.
 *
 * Builds a joined path in the stack buffer Dest from an optional prefix
 * (Str) and a second component (Source), separated by a single backslash,
 * runs the unresolved helpers over it, and copies the result to a3 when
 * it fits.
 *
 *   Str     optional prefix path. NULL is handled (Dest is set to the
 *           empty string); an empty Str is accepted but leaves Dest
 *           uninitialised before wcscat() — see the note at that call.
 *   Source  component appended after the prefix; one leading '\\' or '/'
 *           is skipped when Str is non-empty. Not NULL-checked.
 *   a3      output buffer.
 *   a4      size of a3 — compared against a byte count (v9), so in bytes.
 *   a5      optional int* (declared int, cast below) that receives the
 *           required size in bytes when a4 is too small.
 *
 * Returns 0 on success, 123 (Win32 ERROR_INVALID_NAME) when an input is
 * rejected, 2123 (NERR_BufTooSmall) when a3 is too small.
 *
 * NOTE(review): the two input bounds (`> 0x411`) are in wchar_t characters,
 * while the frame offset of Dest ([ebp-414h]) suggests the buffer holds at
 * most 0x414 bytes (522 wchar_t) before the saved frame pointer. A prefix
 * of up to 0x411 characters (0x822 bytes) passes the check and
 * wcscpy()/wcscat() write past the end of Dest — this is the stack
 * overflow the page describes. A sound check compares the byte size
 * (2 * len + 2) against the buffer size, the way the output check on a4
 * already does.
 */
int __stdcall sub_7517FC68(wchar_t* Str, wchar_t* Source, wchar_t* a3, int a4, int a5) {
    size_t v5; // esi   running character length of the prefix in Dest
    size_t v6; // eax   wcslen(Str)
    __int16 v7; // ax   last character of the copied prefix
    int result; // eax
    size_t v9; // eax   byte size of the result including the terminator
    __int16 v10; // [esp+Ah] [ebp-416h]   the 16-bit slot directly below Dest
    wchar_t Dest; // [esp+Ch] [ebp-414h]   stack buffer; real extent not shown by the decompiler
    //source=103
    v5 = 0;
    if (Str) {
        v6 = wcslen(Str);
        v5 = v6;
        if (v6) {
            /* Bound is in characters; Dest is sized in bytes (see header note). */
            if (v6 > 0x411)
                return 123;
            wcscpy(&Dest, Str);
            /* v10 sits at ebp-416h, Dest at ebp-414h, so &v10 + v5 (in
             * 16-bit units) is Dest[v5 - 1]: the prefix's last character. */
            v7 = *(&v10 + v5);
            /* 92 == L'\\', 47 == L'/': append a separator if the prefix lacks one. */
            if (v7 != 92 && v7 != 47) {
                wcscat(&Dest, L"\\");
                ++v5;
            }
            /* Drop one leading separator from Source so the join has exactly one. */
            if (*Source == 92 || *Source == 47)
                ++Source;
        }
    } else {
        Dest = 0;
    }
    /* Combined length check, again in characters, against the same 0x411
     * limit; wcslen(Source) with a NULL Source is undefined. */
    if (v5 + wcslen(Source) > 0x411)
        return 123;
    /* When Str is non-NULL but empty, Dest was never terminated here. */
    wcscat(&Dest, Source);
    /* Unresolved helpers; presumably normalisation then two acceptance
     * checks on the joined path — confirm against the binary. */
    sub_7518AE95(&Dest);
    if (!sub_7518AEB3(&Dest) && !sub_7518AFE2(&Dest))
        return 123;
    /* Output size in bytes, terminator included. */
    v9 = 2 * wcslen(&Dest) + 2;
    if (v9 <= a4) {
        wcscpy(a3, &Dest);
        result = 0;
    } else {
        /* Report the required size through a5 when the caller supplied it. */
        if (a5)
            *(int*)a5 = v9;
        result = 2123;
    }
    return result;
}
漏洞原理简单，此处不再展开分析。