Tuesday, December 14, 2010

LOIC 1.1.1.15 - Crafted C&C Channel Topic Could Lead A Crash

Following the trend of these days I played (locally) with one of the latest release of LOIC (Low Orbit Ion Cannon DDOS Tool). Inserting a long (not so) string on the topic of a C&C irc channel, there seems to be a memory corruption condition.

 The screen shot above show a crafted topic that trigger the issue. The impacted tested released is the 1.1.1.15. A few more details related to the .NET exception:


Some important notes: I saw on twitter that someone has retweet this post adding "remote code execution".  I never speak about a "remote code execution" condition for this issue.  

Anyway IMHO this issue could be insert in the counter measures list for this kind of threats. Act from a client side perspective some times maybe useful.

No comments:

Post a Comment