##############################################################################
#
#  ooVoo URI Handler Remote Stack Based BOF Vulnerability
#
#  Copyright: SecPod
#
#  Date Written: 2008/11/13
#
#  Revision: 1.1
#
#  Log : ssharath
#  Issue #0470
#  ------------------------------------------------------------------------
#  This program was written by SecPod and is licensed under the GNU GPL 
#  license. Please refer to the below link for details,
#  http://www.gnu.org/licenses/gpl.html
#  This header contains information regarding licensing terms under the GPL, 
#  and information regarding obtaining source code from the Author. 
#  Consequently, pursuant to section 3(c) of the GPL, you must accompany the 
#  information found in this header with any distribution you make of this 
#  Program.
#  ------------------------------------------------------------------------
##############################################################################

if(description)
{
  script_id(900177);
  script_bugtraq_id(32251);
  script_copyright(english:"Copyright (C) 2008 SecPod");
  script_version("Revision: 1.1 ");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Denial of Service");
  script_name(english:"ooVoo URI Handler Remote Stack Based BOF Vulnerability");
  script_summary(english:"Check for vulnerable version of ooVoo");
  desc["english"] = "
  Overview : This host has ooVoo installed and is prone to stack-based buffer
  overflow vulnerability. 

  The flaw is caused due to boundary error within the 'URI' handling of
  command line arguments. This can be exploited to cause stack base buffer
  overflow.

  Impact:
  Successful exploitation will allow execution of arbitrary code, and denial of
  service.

  Impact Level : Application

  Affected Software/OS :
  ooVoo ooVoo version 1.7.1.57 and prior

  Fix : Upgrabe to higher version
  http://www.oovoo.com//download/

  References:
  http://milw0rm.com/exploits/7090
  http://secunia.com/advisories/32698
  http://www.securityfocus.com/bid/32251

  CVSS Score:
    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
    CVSS Temporal Score : 8.4
  Risk factor : High";

  script_description(english:desc["english"]);
  script_dependencies("secpod_reg_enum.nasl");
  script_require_keys("SMB/WindowsVersion");
  exit(0);
}


include("smb_nt.inc");
include("secpod_smb_func.inc");

if(!get_kb_item("SMB/WindowsVersion")){
  exit(0);
}

key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
entries = registry_enum_keys(key:key);

foreach item (entries)
{
  if("ooVoo" >< registry_get_sz(key:key + item, item:"DisplayName"))
  {
    # Grep or versions 1.7.1.57 and prior
    if((egrep(pattern:"^(0(\..*)?|1\.([0-6](\..*)?|7(\.0(\..*)?|\.1(\.[0-4]?" +
                      "[0-9]|\.5[0-7])?)))$",
              string:registry_get_sz(key:key + item, item:"DisplayVersion"))))
    {
      security_hole(0);
      exit(0);
    }
  }
}