Magneto ICMP ActiveX v4.0.0.20 ICMPSendEchoRequest Remote Code Execute

Date: 2011-5-27
Discovered by: boahat
Vendor: http://www.magnetosoft.com/
Download: http://www.magnetosoft.com/downloads/skicmp_setup.exe

SKIcmp.ocx

Function ICMPSendEchoRequest ( ByVal bstrDestinationAddress As String ) As Long

    .text:1000F012    mov     edx, [ebx+8]              // edx can be controlled
    .text:1000F015    lea     ecx, [esp+468h+String1]
    .text:1000F019    push    esi
    .text:1000F01A    push    ecx
    .text:1000F01B    call    edx                       // bomb...

[POC]

# Exploit-DB Note:
# According to MagnetSoft, the exploit has been fixed in the latest version of the software, 5.0.0.1.
# The latest version that contains the fix can be downloaded here:
# http://www.magnetosoft.com/www/downloads/win32/skdns_setup.exe