I have tested Comodo Memory Firewall on a real world proof of concept exploit, and Comodo Memory Firewall did indeed give an alert when the buffer overflow occurred!
Here is how to reproduce my test:
Uninstall Winamp if it’s currently installed on your computer.
Run the .exe file that the compiler produced. IMPORTANT NOTE: run this file at your own discretion, as I cannot guarantee what it does, although you can examine the source code if you are knowledgeable.
The .exe, when run, creates a .pls file that Winamp can use. Run this .pls file. IMPORTANT NOTE: run this file at your own discretion, as I cannot guarantee what it does. It causes a buffer overflow in Winamp 5.12, and, as a proof of concept, it causes windows Calculator to run. If you have Comodo Memory Firewall installed, you indeed are given an alert about the buffer overflow!
I’d like to point out that Comodo Firewall 3.0, a separate product, will not warn you when this buffer overflow occurs. This is by design, and not a bug in Comodo Firewall 3.0. The point is that you do need Comodo Memory Firewall even if you are currently using Comodo Firewall 3.0!
Thanks to all of you involved in the creation of this program!
Comodo offers the free Comodo BO Tester. But seeing how many times you’ve contributed to the forums, you probably knew that already. Also, I could privately send you the .pls file if you wish.
(:SHY)
no, i mean a real exploit. maybe some nasty sites or bad apps that can produce real BO. you know, i’ve read/heard that BO is a common exploit, it can happen by only opening a website or simply open an email.but i’ve never seen any.
i wanna try yours, but it’s to complex, winamp and some other stuff.
This is a real buffer overflow. My antivirus, NOD32, detects the .pls as infected, although it is not an executable file. The payload, showing windows Calculator, is (allegedly) innocent though. But the source code could be modified to deliver a malicious payload instead.
If you wanted the .pls file, then all you would need to test is to install Winamp 5.12 and then double-click the .pls file in Explorer and you will get a real buffer overflow. The rest of the steps in my writeup are merely how to generate the .pls file.
By the way, you can also get a buffer overflow by what this proof of concept demonstrates, namely using a purposely poisoned non-executable data file crafted for a specific program that has buffer overflow flaws.
Reading the posts I believe you, and as said Ganda, I’m too lazy :THNK to download Winamp 5.12, and honestly I don’t use it, my stereo player (Sony CPT-555) plays MP3 as well. I’m from the old school, I like to hear the sound from big speakers as when I did in my teenager years. But the bottom line here is that CMF is working fine and without problems as I posted in a separate topic
Oy, milw0rm has some good POC (proof of concept) exploits, as does Metasploit. It should be strongly noted (as per MrBrian’s post) that running these may have unintended consequences - they are designed to treat your system harshly in order to run the exploit.
If you don’t want to compile code and all that, you might have some fun with BackTrack, a penetration testing Linux distribution. Download the Live ISO, and run in a virtual machine setting. They have some tools from both these sites included. I haven’t tried crossing from a VM to Windows (ie, to cause the exploit in Windows on the same machine), but it may be possible. Then you can see how Windows security reacts…