text:100026EC lea eax, stack buffer received msg text:100026E4 mov edi, attacker-controlled Inside the key exchange message, an unauthenticated, remote attacker can specify a large 'SigPubkeyLen' field (i.e., 0x1fffff) to cause a buffer over-read/over-write condition in DWRCRSA.dll: During the key exchange, the client signs the ECDH shared secret with an EC private key and sends the server both the signature and the EC public key so that the server can verify the signature. When the DWRCS.exe 'Allow only FIPS Mode' setting is enabled, DWRCRSA.dll is loaded to perform ECDH key exchange.
0 Comments
Leave a Reply. |