On The Road ZJL

Sunday, July 20, 2008

Microsoft Works 7 WkImgSrv.dll ActiveX Remote BOF Exploit

Microsoft Works 7 WkImgSrv.dll ActiveX Remote BOF Exploit: "
             MOV ESI,DWORD PTR SS:[EBP+8]        ; Do some other stuffs, we don't care
00D473D8     LEA EDX,DWORD PTR SS:[EBP-1C]       ;
00D473DB     PUSH EDX
00D473DC     PUSH EAX
00D473DD     MOV DWORD PTR DS:[ESI+2A0],EAX      ; =============
00D473E3 ==> MOV ECX,DWORD PTR DS:[EAX]          ; Here is the problem, the data stored by EAX is referenced and moved into ECX
00D473E5     CALL DWORD PTR DS:[ECX+30]          ; Next the address in some struct pointed by ECX is called

Now if we're able to setup memory satisfied :
Create a struct in memory where the first DWORD in the struct poin"








Microsoft Works 7 WkImgSrv.dll Exploit

Coded by lhoang8500
lhoang8500[at]gmail[dot]com
BKIS Center - Vietnam










# milw0rm.com [2008-05-02]
