Daily cyber threats and internet security news: network security, online safety and latest security alerts
June 25th, 2009

Latest Version Of Green Dam Vulnerable To Remote Code Execution

The recently exposed as vulnerable to trivial remotely exploitable flaws Chinese censorware Green Dam, has silently patched the security flaws. However, not only is the latest Green Dam v3.17 version still vulnerable to remotely exploitable flaws, but also, for over a week now a working zero day exploit (Exploit.GreenDam!IK; W32/GreenDam.A) has been circulating in the wild.

Green Dam intercepts Internet traffic using a library called SurfGd.dll. Even after the security patch, SurfGd.dll uses a fixed-length buffer to process web site requests, and malicious web sites can still overrun this buffer to take control of execution. The program now checks the lengths of the URL and the individual HTTP request headers, but the sum of the lengths is erroneously allowed to be greater than the size of the buffer. An attacker can compromise the new version by using both a very long URL and a very long “Host” HTTP header. The pre-update version 3.17, which we examined in our original report, is also susceptible to this attack.

According to Green Dam’s official web site, the latest 3.17 version which still remains exploitable, has already been downloaded 426,138 times, combined with raw data on over 7,172,500 downloads of the previously vulnerable version, the current situation could easily turn the “Great Botnet of China” from theory into practice if the exploits ends up embedded within a web malware exploitation kit.

Credit: Security Blogs

Share this item with others:

More on CyberInsecure:
  • Remote-Execution Vulnerability In Adobe Flash
  • 68 Fixes In Apple Update 10.5.3 and Apple Security Update 2008-003
  • New Firefox 3.0 Is Vulnerable To High-Severity Code Execution
  • Remote Code Execution Through Intel CPU Vulnerability Will Be Presented In Hack In The Box Security Conference
  • Mozilla Fixes 12 Security Vulnerabilities In Firefox

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Latest Version Of Green Dam Vulnerable To Remote Code Execution

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.