text:100034FB lea eax, attacker-controlled text:100034F3 mov edi, attacker-controlled An unauthenticated remote attacker can cause a heap buffer overflow by specifying a large RsaPubKeyLen. The server does not perform proper validation on CltDHPubKeyLen, RsaSignatureLen, and RsaPubKeyLen. Le32 SrvDHSharedSecretByteSum // server-computed sum of all bytes in the secretīyte RsaSignature // client-generated signature of the shared secret with RSA_SHA512īyte RsaPubKey // client's RSA public key in DER format Le32 SrvDHSharedSecretLen // length of server-computed DH shared secret Le32 CltDHSharedSecretByteSum // client-computed sum of all bytes in the secret Le32 CltDHSharedSecretLen // length of client-computed DH shared secret The key exchange is carried out in a message with the following format: struct MSG_000105b9 1) Unauthenticated Remote Heap buffer overflowĪ client negotiates a session key with DWRCS.exe by performing a Diffie-Hellman (DH) key exchange.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |