Bugtraq mailing list archives
AOL 9.5 ActiveX Heap Overflow Vulnerability
From: karakorsankara () hotmail com
Date: Mon, 18 Jan 2010 07:23:26 -0700
Product: AOL 9.5
Vulnerability: ActiveX - Heap Overflow

Discussion:
The vulnerability is in the ActiveX control ("CDDBControl.dll").
Sending a string to BindToFile() triggers the vulnerability.
Successful exploits allow remote attackers to execute arbitrary code.

Debugger Results:
(fd0.1274): Access violation - code c0000005 (!!! second chance !!!)
eax=7efefefe ebx=00000000 ecx=0020d7c0 edx=41414141 esi=03465df0 edi=02b82000
eip=10033011 esp=0020cdac ebp=0020ed20 iopl=0 nv up ei pl zr na pe nc

Credits:
Celil 'karak0rsan' Unuver and murderkey from Hellcode Research
tcc.hellcode.net
forum.hellcode.net

PoC and Original Advisory:
http://tcc.hellcode.net/advisories/hellcode-adv008.txt