Comodo Memory Guardian 检测到QQ2007有BO漏洞???

rcbblgy

Tyler Durden如此回复的：This exploit doesn't work on your office mate. It's just a very old PoC.

rcbblgy

他始终说没有溢出，当有溢出时就会报 ，如果没有溢出为什么在我这CPU会被word占满？

No shellcode executed by it, because it doesn't work. Corresponding version of the Office is not enough to make it work mate, you need exactly the same OS version/language for this exploit. And when it'll work, CMG will detect it. 'Cause CMG does not detect a strange behavior but a shellcode execution on BO.

ubuntu

他的回复的意思是说，并没有溢出的shellcode执行，只是占用CPU这种行为，CMG是不检测的。并且这个PoC可能有缺陷，在你的现有条件下不能工作。

ubuntu

Tyler Durden 修改了PoC 的代码，已经可以拦截了。
你只要去告诉他你的windows 具体版本(他是俄文版 XP SP2)，他会发一个在你的系统上工作的版本。

I've fixed this exploit to make it work (now it should execute cmd.exe) but the "shellcode" is very OS specific (calls API by a hardcoded address in ret2libc manner), so probably it'll not work on you version of Windows (mine is XP SP2 Russian. Send me pls your version, so I can make it works for you, if you want). I can't inject the real shellcode into it 'cause the stack buffer is very small in this vulnerability. That's why it's just a PoC I think.

wolfmei

Comodo的态度比腾讯的好多了,起码我在腾讯SEND一个BUG报告,到现在都没回复我...而COMODO的却...真是差别太大了!!!!

支持comodo!!!

rcbblgy

那个word文档还对系统有要求啊，看来我弄错了，它似乎也不是真正的溢出。

jpzy

这个CMG资源占用是多少？

ubuntu

不占CPU、内存也不大

rcbblgy

V3两个进程每个才占5M左右，单独的一个反溢出功能就占这么大有点夸张，以后整合了会好些吧。

linr

应该不会误报吧，很可能有这种情况发生的