
Multiple Vulnerabilities



Author:       Francis Provencher (Protek Research Lab's)



Attachment: Adobe Shockwave Player Activex Stack overflow.txt

#####################################################################################

Application:  Adobe ShockWave Player (11.5.1.601)
            
Platforms:    Windows XP Professional French SP2 and SP3

crash:	      IE 6.0.2900.2180
	
Exploitation: remote DoS

Date:         2009-08-24

Author:       Francis Provencher (Protek Research Lab's)
             

#####################################################################################

1) Introduction
2) Technical details and bug
3) The Code

#####################################################################################

==============
1) Introduction
==============
Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player.
These people now have access to some of the best the Web has to offer - including dazzling 3D games and entertainment,
interactive product demonstrations, and online learning applications. Shockwave Player displays Web content that has been created by Adobe Director.

#####################################################################################

===========================
2) Technical details
===========================
Name:	SwDir.dll
Ver.:	11.5.1.601
CLSID:	{233C1507-6A77-46A4-9443-F871F945D258}


(d40.b20): Stack overflow - code c00000fd 
eax=00305004 ebx=00000003 ecx=00032f80 edx=00400000 esi=09ae0024 edi=00400002
eip=69214965 esp=0012df78 ebp=0012df8c iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00010202



#####################################################################################

==========
3) The Code
==========
Proof of concept DoS code;









#####################################################################################

Attachment: Novell Groupwise Client DoS.txt

#####################################################################################

Application:  Novell Groupwise Client 7.0.3.1294
            
Platforms:    Windows XP Professional French SP2 and SP3

crash:	      IE 6.0.2900.2180
	
Exploitation: remote DoS

Date:         2009-08-24

Author:       Francis Provencher (Protek Research Lab's)
             

#####################################################################################

1) Introduction
2) Technical details and bug
3) The Code

#####################################################################################

==============
1) Introduction
==============
GroupWise is a messaging and collaborative software platform from Novell that supports email, calendaring, personal information management, instant messaging, and document management. The platform consists of the client software, which is available for Windows, Mac OS X, and Linux, and the server software, which is supported on Windows Server, Netware, and Linux. The latest generation of the platform is GroupWise 8, which was launched in 2008.

#####################################################################################

===========================
2) Technical details
===========================
Name:	gxmim1.dll
Ver.:	7.0.3.1294
CLSID:	{9796BED2-C1CF-11D2-9384-0008C7396667}




#####################################################################################

==========
3) The Code
==========
Proof of concept DoS code;











#####################################################################################

Attachment: QuikSoft emimap4 BoF.txt

#####################################################################################

Application:  EasyMail Quicksoft 6.0.2.0
            
Platforms:    Windows XP Professional French SP2

crash:	      IE 6.0.2900.2180
	      
	
Exploitation: remote Code Execution

Date:         2009-08-24

Author:       Francis Provencher (Protek Research Lab's)
             

#####################################################################################

1) Introduction
2) Technical details and bug
3) The Code

#####################################################################################

==============
1) Introduction
==============
Create, send, download, parse, print and store internet email messages in your classic windows application.  Designed for Visual Basic, ASP, C++, Delphi, ColdFusion, PowerBuilder, Access and other development environments.  COM or standard DLL interfaces.  This is the software that processes hundreds of millions of email messages on the Internet every day.

#####################################################################################

===========================
2) Technical details
===========================
Name:	emimap4.dll
Ver.:	6.0.2.0
CLSID:	{0CEA3FB1-7F88-4803-AA8E-AD021566955D}

ModLoad: 037f0000 0381e000   C:\WINDOWS\system32\emimap4.dll
(2088.2388): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=0380c878 ecx=0012df70 edx=00000039 esi=0033df18 edi=0033e14c
eip=41414141 esp=0012df88 ebp=41414141 iopl=0         nv up ei pl zr na pe nc





#####################################################################################

==========
3) The Code
==========
Proof of concept DoS code;








#####################################################################################

Attachment: QuikSoft emmailstore BoF.txt

#####################################################################################

Application:  EasyMail Quicksoft 6.0.2.0
            
Platforms:    Windows XP Professional French SP2

crash:	      IE 6.0.2900.2180
	      
	
Exploitation: remote Code Execution

Date:         2009-08-24

Author:       Francis Provencher (Protek Research Lab's)
             

#####################################################################################

1) Introduction
2) Technical details and bug
3) The Code

#####################################################################################

==============
1) Introduction
==============
Create, send, download, parse, print and store internet email messages in your classic windows application.  Designed for Visual Basic, ASP, C++, Delphi, ColdFusion, PowerBuilder, Access and other development environments.  COM or standard DLL interfaces.  This is the software that processes hundreds of millions of email messages on the Internet every day.

#####################################################################################

===========================
2) Technical details
===========================
Name:	emmailstore.dll
Ver.:	6.0.2.0
CLSID:	{18A76B9A-45C1-11D3-80DC-00C04F6B92D0}

ModLoad: 10000000 1002c000   C:\WINDOWS\system32\emmailstore.dll
(1670.59c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=000002bd ebx=00000000 ecx=0003ea80 edx=00030608 esi=00038790 edi=00000193
eip=41414141 esp=0013eb44 ebp=0013eb60 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00010206
41414141 ??              ???





#####################################################################################

==========
3) The Code
==========
Proof of concept DoS code;








#####################################################################################
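
Added example, not part of the original advisories and not the author's code: a triage of the debugger excerpts quoted above. Exception code c00000fd with ordinary register values is stack exhaustion, while c0000005 with eip=41414141 means the instruction pointer was loaded from input data. Treating a dword of one repeated printable byte as input filler is a heuristic assumed here, and the function and verdict names are illustrative.

```python
import re

STACK_OVERFLOW = 0xC00000FD    # thread stack exhausted (guard page hit)
ACCESS_VIOLATION = 0xC0000005  # access to an invalid address

EXC_RE = re.compile(r"\([0-9a-f]+\.[0-9a-f]+\): .+? - code ([0-9a-f]{8})", re.I)
REG_RE = re.compile(r"\b(eax|ebx|ecx|edx|esi|edi|eip|esp|ebp)=([0-9a-f]{8})", re.I)
MOD_RE = re.compile(r"ModLoad: ([0-9a-f]{8}) ([0-9a-f]{8})\s+(\S+)", re.I)

# Debugger excerpts copied from the advisories on this page.
SHOCKWAVE = r"""(d40.b20): Stack overflow - code c00000fd
eax=00305004 ebx=00000003 ecx=00032f80 edx=00400000 esi=09ae0024 edi=00400002
eip=69214965 esp=0012df78 ebp=0012df8c iopl=0         nv up ei pl nz na po nc"""
EMIMAP4 = r"""ModLoad: 037f0000 0381e000   C:\WINDOWS\system32\emimap4.dll
(2088.2388): Access violation - code c0000005 (first chance)
eax=00000000 ebx=0380c878 ecx=0012df70 edx=00000039 esi=0033df18 edi=0033e14c
eip=41414141 esp=0012df88 ebp=41414141 iopl=0         nv up ei pl zr na pe nc"""


def is_filler(value):
    """True for a dword of one repeated printable byte, e.g. 0x41414141 ('AAAA')."""
    raw = value.to_bytes(4, "little")
    return len(set(raw)) == 1 and 0x20 <= raw[0] < 0x7F


def triage(dump):
    """Classify one excerpt by exception code and by which registers hold filler."""
    match = EXC_RE.search(dump)
    if match is None:
        raise ValueError("no exception line found")
    code = int(match.group(1), 16)
    regs = {n.lower(): int(v, 16) for n, v in REG_RE.findall(dump)}
    mods = [(int(lo, 16), int(hi, 16)) for lo, hi, _ in MOD_RE.findall(dump)]
    tainted = sorted(r for r, v in regs.items() if is_filler(v))
    eip = regs.get("eip")
    in_module = eip is not None and any(lo <= eip < hi for lo, hi in mods)
    if code == ACCESS_VIOLATION and "eip" in tainted:
        verdict = "eip-controlled"      # control flow taken from input data
    elif code == STACK_OVERFLOW and not tainted:
        verdict = "stack-exhaustion"    # crash only, no register holds filler
    else:
        verdict = "needs-manual-analysis"
    return {"code": code, "tainted": tainted,
            "eip_in_module": in_module, "verdict": verdict}


if __name__ == "__main__":
    for name, dump in (("SwDir.dll", SHOCKWAVE), ("emimap4.dll", EMIMAP4)):
        print(name, triage(dump))
```

In the emimap4.dll excerpt both eip and ebp hold the filler value, so the saved frame pointer was overwritten along with the return address; in the emmailstore.dll excerpt only eip does.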
