module
Iconics GENESIS32 Integer Overflow Version 9.21.201.01
Disclosed | Created |
---|---|
Mar 21, 2011 | May 30, 2018 |
Description
The GenBroker service on port 38080 is affected by three integer overflow
vulnerabilities while handling opcode 0x4b0, which are caused by abusing
the memory allocations needed for the number of elements passed by the client.
This results in unexpected behaviors such as direct registry calls, memory location
calls, or arbitrary remote code execution. Please note that in order to ensure
reliability, this exploit will try to open calc (hidden), inject itself into the
process, and then open up a shell session. Also, DEP bypass is supported.
Authors
Luigi Auriemma
Lincoln
corelanc0d3r peter.ve@corelan.be
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
