Saturday, September 25, 2010

Microsoft DRM technology (msnetobj.dll) ActiveX Multiple Remote Vulnerabilities

Detail of POC can be viewed
http://www.exploit-db.com/exploits/15061/
http://www.securityfocus.com/bid/43345/info

Microsoft DRM technology (msnetobj.dll) ActiveX Multiple Remote Vulnerabilities
by

Asheesh Kumar Mani Tripathi


# Vulnerability Discovered By Asheesh kumar Mani Tripathi

# email informationhacker08@gmail.com

# company www.aksitservices.co.in

# Credit by Asheesh Anaconda

# Date 18th Sep 2010

# Description: Microsoft DRM technology (msnetobj.dll) ActiveX suffers from multiple remote vulnerabilities such as buffer overflow, integer overflow and denial of service (IE crash). This issue is triggered when an attacker convinces a victim user to visit a malicious website.

The "GetLicenseFromURLAsync" function does not handle input correctly.
Remote attackers may exploit this issue to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers. Faile exploit attempts likely result in browser crashes.

Detail of POC can be viewed
link:http://www.exploit-db.com/exploits/15061/
link:http://www.securityfocus.com/bid/43345/info