Returnil Virtual System 2008 - Password Disclosure Issue

-===[ Vulnerable ]============================================-

Product: Returnil Virtual System 2008

[+] Personal Edition 2.0.0.5011 Final

[+] Premium Edition 2.0.0.5007 Final

-=============================================================-

Found on: Tuesday May 6, 2008

Discovered by: fRoGGz [SecuBox Labs]


-===[ Background ]============================================-

The Returnil Virtual System is a powerful virtualization 

technology that completely mirrors your actual computer 

setup. The RVS provides an altogether different and highly 

complimentary level of defense. It's designed to protect 

your computer from all types of software, downloads, 

websites that might harbor viruses, spyware and other 

malicious programs. Returnil virtualization technology 

clones a computer's System Partition and boots the PC into 

this system rather than native Windows, allowing users to 

run your applications in a completely isolated environment.


-===[ Description ]===========================================-

Like many software, configuration access is password protected.

RVSYSTEM.DAT is an encrypted file that contains this config.

But the problem is that the password is decrypted in a static 

memory area BEFORE the user has even identified himself.


Hackers could copy the .dat file or directly grab the plaintext 

password in memory at offset 0x00B0F3A9 then modify the config 

(ex: add a backdoor or keylogger, ...). Of course on every 

future reboot, computer will start with this evil config.


Quote: A private recovery tool have been coded for RVS.

-=============================================================-


Vendor have NOT been notified, it's a minor problem.


Reply via email to