6.5 Addendum

Note

Sunday, March 30, 2008

Since the vulnerability was fixed and a new version of avast! is now available, I released a detailed security advisory on my website today.[74] The bug was assigned CVE-2008-1625. Figure 6-9 shows the timeline of the vulnerability fix.

Timeline from vendor notification to the release of my security advisory

Figure 6-9. Timeline from vendor notification to the release of my security advisory

Notes

[57]

[58]

[59]

[60]

[61]

[62]

[63]

[64]

[65]

[66]

[67]

[68]

[69]

[70]

[71]

[72]

[73]

[74]


[57] See SANS Top 20 Internet Security Problems, Threats and Risks (2007 Annual Update), http://www.sans.org/top20/2007/.

[58] See http://www.virustotal.com/.

[59] See http://www.avast.com/.

[60] See http://www.vmware.com/.

[61] WinDbg, the “official” Windows Debugger from Microsoft, is distributed as part of the free “Debugging Tools for Windows” suite available at http://www.microsoft.com/whdc/DevTools/Debugging/default.mspx.

[62] You can find a download link for a vulnerable trial version of avast! Professional 4.7 at http://www.trapkit.de/books/bhd/.

[63] See http://www.nirsoft.net/utils/driverview.html.

[64] See http://www.hex-rays.com/idapro/.

[65] See Mark E. Russinovich and David A. Solomon, Microsoft Windows Internals: Microsoft Windows Server 2003, Windows XP, and Windows 2000, 4th ed. (Redmond, WA: Microsoft Press, 2005).

[66] See MSDN Library: Windows Development: Windows Driver Kit: Kernel-Mode Driver Architecture: Reference: Standard Driver Routines: DriverEntry at http://msdn.microsoft.com/en-us/library/ff544113.aspx.

[67] WinObj is available at http://technet.microsoft.com/en-us/sysinternals/bb896657.aspx.

[68] The Windows Driver Kit can be downloaded at http://www.microsoft.com/whdc/devtools/WDK/default.mspx.

[69] See MSDN Library: Windows Development: Windows Driver Kit: Kernel-Mode Driver Architecture: Reference: Standard Driver Routines: DispatchDeviceControl available at http://msdn.microsoft.com/en-us/library/ff543287.aspx.

[70] See MSDN Library: Windows Development: Windows Driver Kit: Kernel-Mode Driver Architecture: Reference: Kernel Data Types: System-Defined Data Structures: IRP available at http://msdn.microsoft.com/en-us/library/ff550694.aspx.

[71] See MSDN Library: Windows Development: Windows Driver Kit: Kernel-Mode Driver Architecture: Design Guide: Writing WDM Drivers: Managing Input/Output for Drivers: Handling IRPs: Using I/O Control Codes: Buffer Descriptions for I/O Control Codes available at http://msdn.microsoft.com/en-us/library/ff540663.aspx.

[72] See Jamie Butler, DKOM (Direct Kernel Object Manipulation) (presentation, Black Hat Europe, Amsterdam, May 2004), at http://www.blackhat.com/presentations/win-usa-04/bh-win-04-butler.pdf.

[73] See http://www.trapkit.de/books/bhd/.

[74] My security advisory that describes the details of the avast! vulnerability can be found at http://www.trapkit.de/advisories/TKADV2008-002.txt.